Supporting requirements engineers in recognising security issues

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 6606 LNCS, Issue , 2011, Pages 4-18

  Knauss, Eric ^a   Houmb, Siv ^b   Schneider, Kurt ^a   Islam, Shareeful ^c   Jürjens, Jan ^d  

^a LEIBNIZ UNIVERSITY HANNOVER   (Germany)

^b SecureNOK Ltd   (Norway)

^c UNIVERSITY OF EAST LONDON   (United Kingdom)

^d TU DORTMUND UNIVERSITY   (Germany)

Author keywords

empirical study; natural language processing; requirements analysis; secure software engineering

Indexed keywords

BAYESIAN CLASSIFIER; DOMAIN SPECIFIC; EMPIRICAL STUDIES; ERROR PRONES; LABOUR-INTENSIVE; NATURAL LANGUAGE PROCESSING; REQUIREMENTS ANALYSIS; REQUIREMENTS ENGINEERS; SECURE SOFTWARE ENGINEERING; SECURITY AWARENESS; SECURITY EXPERTS; SECURITY ISSUES; SECURITY PROBLEMS; SECURITY REQUIREMENTS; SOFTWARE DEVELOPMENT PROCESS; SOFTWARE PROJECT;

COMPUTATIONAL LINGUISTICS; COMPUTER SOFTWARE SELECTION AND EVALUATION; ENGINEERING; ENGINEERS; NATURAL LANGUAGE PROCESSING SYSTEMS; SOFTWARE DESIGN;

REQUIREMENTS ENGINEERING;

EID: 79953098501     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-19858-8_2     Document Type: Conference Paper

References (29)

1. International Standardization Organization. ISO 15408:2007 Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 2, CCMB-2007-09-001, CCMB- 2007-09-002 and CCMB-2007-09-003 (September 2007)
2. Houmb, S.H., Islam, S., Knauss, E., Jürens, J., Schneider, K.: Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec. Requirements Engineering Journal 15(1), 63-93 (2010)
3. Knauss, E., Lübke, D., Meyer, S.: Feedback-Driven Requirements Engineering: The Heuristic Requirements Assistant. In: International Conference on Software Engineering (ICSE 2009), Formal Research Demonstrations Track, Vancouver, Canada, pp. 587-590 (2009)
4. Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2005)
5. Schneider, K., Stapel, K., Knauss, E.: Beyond Documents: Visualizing Informal Communication. In: Proceedings of Third International Workshop on Requirements Engineering Visualization (REV 2008), Barcelona, Spain (2008)
6. den Braber, F., Hogganvik, I., Lund, M., Stølen, K., Vraalsen, F.: Model-based security analysis in seven steps - a guided tour to the CORAS method. BT Technology Journal 25(1), 101-117 (2007) (Pubitemid 46455705)
7. Barber, B., Davey, J.: The use of the CCTA risk-analysis and management methodology [CRAMM] in health information systems. In: Degoulet, P., Lun, K., Piemme, T., Rienhoff, O. (eds.) MEDINFO 1992, pp. 1589-1593. Elsevier, North-Holland (1992)
8. Alberts, C., Dorofee, A.: Managing Information Security Risks: The OCTAVE (TM) Approach. Addison-Wesley, New York (2002)
9. Chantree, F., Nuseibeh, B., de Roeck, A., Willis, A.: Identifying Nocuous Ambiguities in Natural Language Requirements. In: Proceedings of the 14th IEEE International Requirements Engineering Conference, Minneapolis, USA, pp. 56-65. IEEE Computer Society, Los Alamitos (2006) (Pubitemid 351424200)
10. Kiyavitskaya, N., Zeni, N., Mich, L., Berry, D.M.: Requirements for tools for ambiguity identification and measurement in natural language requirements specifications. Requirements Engineering Journal 13(3), 207-239 (2008)
11. Graham, P.: A Plan for Spam (2002) Web (January 2011), http://www.paulgraham.com/spam.html
12. Rennie, J.D.M., Shih, L., Teevan, J., Karger, D.R.: Tackling the Poor Assumptions of Naive Bayes Text Classifiers. In: Proceedings of the Twentieth International Conference on Machine Learning (ICML 2003), Washington, DC (2003)
13. Russell, S., Norvig, P.: Artificial Intelligence: a Modern Approach. Prentice Hall, New Jersey (1995)
14. Ireson, N., Ciravegna, F., Califf, M.E., Freitag, D., Kushmerick, N., Lavelli, A.: Evaluating machine learning for information extraction. In: ICML 2005: Proceedings of the 22nd International Conference on Machine Learning, Bonn, Germany, pp. 345-352. ACM, New York (2005) (Pubitemid 43183352)
15. Weiss, S.M., Kulikowski, C.A.: Computer systems that learn: classification and prediction methods from statistics, neural nets, machine learning, and expert systems. M. Kaufmann Publishers, San Mateo (1991)
16. Baeza-Yates, R., Ribeiro-Neto, B.: Modern Information Retrieval. ACM Press, Addison Wesley (1999)
17. CEPSCO: Common Electronic Purse Specification (ePurse), http://web.archive.org/web/, http://www.cepsco.com (accessed April 2007)
18. TISPAN, ETSI: Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Services requirements and capabilities for customer networks connected to TISPAN NGN. Technical report, European Telecommunications Standards Institute
19. GlobalPlatform: Global Platform Specification (GPS), http://www. globalplatform.org (accessed August 2010)
20. Wohlin, C., Runeson, P., Höst, M., Ohlsson, M.C., Regnell, B., Wesslén, A.: Experimentation In Software Engineering: An Introduction. Kluwer Academic Publishers, Boston (2000)
21. Chung, L.: Dealing with Security Requirements During the Development of Information Systems. In: Rolland, C., Cauvet, C., Bodart, F. (eds.) CAiSE 1993. LNCS, vol. 685, pp. 234-251. Springer, Heidelberg (1993)
22. Dubois, E., Wu, S.: A framework for dealing with and specifying security requirements in information systems. In: Katsikas, S.K., Gritzalis, D. (eds.) SEC. IFIP Conference Proceedings, vol. 54, pp. 88-99. Chapman & Hall, Boca Raton (1996)
23. Lin, L., Nuseibeh, B., Ince, D.C., Jackson, M., Moffett, J.D.: Introducing Abuse Frames for Analysing Security Requirements. In: RE, pp. 371-372. IEEE Computer Society, Los Alamitos (2003)
24. Giorgini, P., Massacci, F., Mylopoulos, J.: Requirement engineering meets security: A case study on modelling secure electronic transactions by VISA and mastercard. In: Song, I.-Y., Liddle, S.W., Ling, T.-W., Scheuermann, P. (eds.) ER 2003. LNCS, vol. 2813, pp. 263-276. Springer, Heidelberg (2003)
25. Heitmeyer, C.L., Archer, M., Leonard, E.I., McLean, J.: Applying Formal Methods to a Certifiably Secure Software System. IEEE Trans. Software Eng. 34(1), 82-98 (2008) (Pubitemid 351343904)
26. Berry, D., Kamsties, E.: 2. Ambiguity in Requirements Specification. In: Perspectives on Requirements Engineering, pp. 7-44. Kluwer, Dordrecht (2004)
27. Kof, L.: Text Analysis for Requirements Engineering. PhD thesis, Technische Universität München, München (2005)
28. Lee, S.W., Muthurajan, D., Gandhi, R.A., Yavagal, D.S., Ahn, G.J.: Building Decision Support Problem Domain Ontology from Natural Language Requirements for Software Assurance. International Journal of Software Engineering and Knowledge Engineering 16(6), 851-884 (2006) (Pubitemid 46181435)
29. Kiyavitskaya, N., Zeni, N., Breaux, T.D., Antón, A.I., Cordy, J.R., Mich, L., Mylopoulos, J.: Automating the extraction of rights and obligations for regulatory compliance. In: Li, Q., Spaccapietra, S., Yu, E., Olivé, A. (eds.) ER 2008. LNCS, vol. 5231, pp. 154-168. Springer, Heidelberg (2008)