A social ontology for integrating security and software engineering

Integrating Security and Software Engineering: Advances and Future Visions

Volumn , Issue , 2006, Pages 70-105

  Yu, E ^a   Liu, L ^b   Mylopoulos, J ^a  

^a UNIVERSITY OF TORONTO   (Canada)

^b TSINGHUA UNIVERSITY   (China)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84899311212     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.4018/978-1-59904-147-6.ch004     Document Type: Chapter

References (67)

1. Alberts, C., & Dorofee, A. (2002, July). Managing information security risks: The OCTAVE (SM) approach. Boston: Addison Wesley.
2. th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ-02), Essen, Germany (pp. 9-10).
3. Alexander, I. (2003, January). Misuse cases: Use cases with hostile intent. IEEE Software, 20(1), 58-66.
4. Anderson, R. (2001). Security engineering: A guide to building dependable distributed systems. New York: Wiley.
5. Backhouse, J., & Dhillon, G. (1996). Structures of responsibilities and security of information systems. European Journal of Information Systems, 5(1), 2-10.
6. Baskerville, R. (1993). Information systems security design methods: Implications for information systems development. Computing Surveys, 25(4), 375-414.
7. Boehm, B. W. (1988). A spiral model of software development and enhancement. IEEE Computer, 21(5), 61-72.
8. th IFIP TC11 International Conference on Information Security.
9. Bresciani, P., Perini, A., Giorgini, P., Giunchiglia, F., & Mylopoulos, J. (2004). Tropos: An agent-oriented software development methodology. Autonomous Agents and Multi-Agent Systems, 8(3), 203-236.
10. st ed.). Boston: Addison-Wesley.
11. Castro, J., Kolp, M., & Mylopoulos, J. (2002). Towards requirements driven information systems engineering: The Tropos project. Information Systems, 27(6), 365-389.
12. th International Conference Advanced Information Systems Engineering, CAiSE '93 (pp. 234-251). Springer.
13. Chung L., Nixon, B. A., Yu, E., & Mylopoulos, J. (2000). Non-functional requirements in software engineering. Kluwer Academic Publishers.
14. CRAMM - CCTA (Central Computer and Telecommunications Agency, UK). Risk analysis and management method. Retrieved from http://www.cramm.com/cramm.htm
15. th IEEE International Requirements Engineering Conference (RE'05), Paris (pp. 157-166).
16. Dardenne, A., van Lamsweerde, A., & Fickas, S. (1993). Goal-directed requirements acquisition. Science of Computer Programming, 20(1-2), 3-50.
17. Denning, D. E. (1998). The limits of formal security models. National Computer Systems Security Award Acceptance Speech. Retrieved October 18, 1999, from www.cs.georgetown.edu/~denning/infosec/award.html
18. Dhillon, G., & Backhouse, J. (2001). Current directions in IS security research: Toward socio-organizational perspectives. Information Systems Journal, 11(2), 127-154.
19. Ferraiolo, D., Sandhu, R., Gavrila, S., Kuhn, R., & Chandramouli, R. (2001, August). Proposed NIST standard for role-based access control. ACM Transactions on Information and Systems Security, 4(3), 224-74.
20. nd International Conference, (ICCBSS 2003) (pp. 81-91). Lecture Notes in Computer Science 2580. Ottawa, Canada: Springer.
21. th International Conference on Information Security (SEC2003) (pp. 409-412). Athens, Greece. Kluwer.
22. nd International Conference on Conceptual Modelling (ER'03) (LNCS 2813, pp. 263-276). Chicago: Springer.
23. rd International Conference on Trust Management (iTrust 2005). LNCS 3477. Heidelberg: Springer-Verlag.
24. th IEEE International Symposium on Requirements Engineering (RE 2001) (pp. 316-317). Toronto, Canada.
25. Helmer, G., Wong, J., Slagell, M., Honavar, V., Miller, L., & Lutz, R. (2002). A software fault tree approach to requirements analysis of an intrusion detection system. In P. Loucopoulos & J. Mylopoulos (Ed.), Special Issue on Requirements Engineering for Information Security. Requirements Engineering (Vol. 7, No. 4, pp. 177-220).
26. Herrmann, G., & Pernul, G. (1999). Viewing business-process security from different perspectives. International Journal of Electronic Commerce, 3(3), 89-103.
27. ISO 17799. (1999). Information security management - Part 1: Code of practice for information security. London: British Standards Institution.
28. Kazman, R., Klein, M., & Clements, P. (2000). ATAM: Method for architectural evaluation (CMU/SEI-2000-TR-004). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University.
29. Liu, L., & Yu, E. (2003). Designing information systems in social context: A goal and scenario modelling approach. Information Systems, 29(2), 187-203.
30. rd International Conference on Conceptual Modelling (ER 2004) (pp. 555-566). LNCS 3288. Berlin, Heidelberg: Springer-Verlag.
31. nd Symposium on Requirements Engineering for Information Security (SREIS'02). Raleigh, NC.
32. Liu, L., Yu, E., & Mylopoulos, J. (2003, September). Security and privacy requirements analysis within a social setting. Proceedings of International Conference on Requirements Engineering (RE'03) (pp. 151-161). Monterey, CA.
33. th International Conference on The Unified Modelling Language, Dresden, Germany (pp. 426-441).
34. Mayer, N., Rifaut, A., & Dubois, E. (2005). Towards a risk-based security requirements engineering framework. Workshop on Requirements Engineering For Software Quality (REFSQ'05), at the Conference for Advanced Information Systems Engineering (CAiSE), Porto, Portugal.
35. th IEEE Annual Computer Security Applications Conference, Scottsdale, USA (pp. 55-67).
36. th Conference on Advanced Information Systems Engineering (CAiSE 03) (Vol. LNCS 2681, pp. 63-78). Klagenfurt, Austria: Springer.
37. th International Conference on Enterprise Information Systems, Porto, Portugal.
38. th European Conference on Pattern Languages of Programs, Irsee, Germany.
39. th International Joint Conference on Autonomous Agents and Multiagent Systems (AAMAS05). Utrecht, The Netherlands: ACM Press.
40. Peltier, T. R. (2001, January). Information security risk analysis. Boca Raton, FL: Auerbach Publications.
41. nd European Symposium on Research in Computer Security (ESORICS 1992) (pp. 349-370). Toulouse, France. Lecture Notes in Computer Science 648. Springer.
42. th International Conference on Information Security.
43. nd Annual Hawaii International Conference on Systems Sciences.
44. Rolland, C., Grosz, G., & Kla, R. (1999, June). Experience with goal-scenario coupling in requirements engineering. Proceedings of the IEEE International Symposium on Requirements Engineering, Limerick, Ireland.
45. Samarati, P., & Vimercati, S. (2001). Access control: Policies, models, and mechanisms. In R. Focardi & R. Gorrieri (Eds.), Foundations of security analysis and design: Tutorial lectures (pp. 137-196). LNCS 2171.
46. Sandhu, R. (2003, January/February). Good enough security: Towards a business driven discipline. IEEE Internet Computing, 7(1), 66-68.
47. Sandhu, R. S., Coyne, E. J., Feinstein, H. L., & Youman, C. E. (1996, February). Role-based access control models. IEEE Computer, 29(2), 38-47.
48. Schneier, B. (1999). Attack trees modelling security threats. Dr. Dobb's Journal, December. Retrieved from http://www.counterpane.com/attacktrees-ddj-ft.html
49. Schneier, B. (2003). Beyond fear: Thinking sensibly about security in an uncertain world. New York: Copernicus Books, an imprint of Springer-Verlag.
50. Schneier, B., & Shostack, A. (1998). Breaking up is hard to do: Modelling security threats for smart-cards. First USENIX Symposium on Smart-Cards, USENIX Press. Retrieved from http://www.counterpane.com/smart-card-threats.html
51. rd ed.). MIT Press.
52. th Conference on Techniques of Object-Oriented Languages and Systems (pp. 120-131). TOOLS Pacific 2000.
53. th International Workshop on Requirements Engineering, Foundation for Software Quality (REFSQ2001), Switzerland.
54. Siponen, M. T., & Baskerville, R. (2001). A new paradigm for adding security into IS development methods. In J. Eloff, L. Labuschagne, R. von Solms, & G. Dhillon (Eds.), Advances in information security management & small systems security (pp. 99-111). Boston: Kluwer Academic Publishers.
55. Strens, M. R., & Dobson, J. E. (1994). Responsibility modelling as a technique for requirements definition. IEEE, 3(1), 20-26.
56. th International Requirements Engineering Conference (RE'05), Paris (pp. 53-62).
57. th IEEE International Symposium on Requirements Engineering (RE 2001) (p. 249). Toronto, Canada.
58. th International Conference on Software Engineering (pp. 148-157). Edinburgh: ACM-IEEE.
59. van Lamsweerde, A., Brohez, S., Landtsheer, R., & Janssens, D. (2003, September). From system goals to intruder anti-goals: Attack generation and resolution for security requirements engineering. Proceedings of the RE'03 Workshop on Requirements for High Assurance Systems (RHAS'03) (pp. 49-56). Monterey, CA.
60. st IEEE International Symposium on Requirements Engineering (pp. 34-41). San Diego, CA.
61. rd IEEE International Symposium on Requirements Engineering (RE'97) (pp. 226-235). Washington, DC.
62. Yu, E. (2001a, April). Agent orientation as a modelling paradigm. Wirtschaftsinformatik, 43(2), 123-132.
63. Yu, E. (2001b). Agent-oriented modelling: Software versus the world. Agent-Oriented Software Engineering AOSE-2001 Workshop Proceedings (LNCS 222, pp. 206-225). Springer Verlag.
64. nd Symposium on Requirements Engineering for Information Security (SREIS'02). Raleigh, NC.
65. rd Workshop on Deception, Fraud and Trust in Agent Societies, Barcelona, Catalonia, Spain (at Agents2000).
66. Yu, E., & Liu, L.(2001). Modelling trust for system design using the i* strategic actors framework. In R. Falcone, M. Singh, & Y. H. Tan (Eds.), Trust in cyber-societies--integrating the human and artificial perspectives (pp. 175-194). LNAI-2246. Springer.
67. th International Conference on Conceptual Modelling (ER-2001) (LNCS 2224, pp. 164-178). Yokohama, Japan: Spring Verlag.