Dealing with security requirements during the development of information systems

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 685 LNCS, Issue , 1993, Pages 234-251

  Chung, Lawrence ^a  

^a UNIVERSITY OF TORONTO   (Canada)

Author keywords

[No Author keywords available]

Indexed keywords

CRYPTOGRAPHY; SYSTEMS ENGINEERING;

DESIGN DECISIONS; DESIGN RATIONALE; DEVELOPMENT PROCESS; PROCESS-ORIENTED APPROACHES; PROTOTYPE DESIGNS; SECURITY REQUIREMENTS; SOFTWARE SYSTEMS; USER FRIENDLINESS;

INFORMATION SYSTEMS;

EID: 84979855000     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: None     Document Type: Conference Paper

References (49)

1. J. A. Adam, “Threats and Countermeasures,” IEEE Spectrum, vol. 29, no. 8, Aug. 1992, pp. 21-28.
2. E. Amoroso, T. Nguyen, J. Weiss, J. Watson, P. Lapiska, and T. Starr, “Towards an Approach to Measuring Software Trust,” Proc. IEEE Symp. Security and Privacy, May 1991, pp. 198-218.
3. BIM Prolog 3.1 Manual. BIM sa/nv, Belgium, 1992.
4. T. C. Vickers Benzel, “Developing Trusted Systems Using DOD-STD-2167A,” 5th Annual Computer Security Appl. Conf., Tucson, Arizona, Dec. 4-8, 1989, pp. 166-176.
5. B. W. Boehm, “A Spiral Model of Software Development and Enhancement”, Vol. 11, No. 4, ACM Software Eng. Notes, Aug. 1986.
6. T. Bui and T. R. Sivasankaran, “Cost-Effective Modeling for a Decision Support System in Computer Security,” Computers & Security, vol. 6, no. 2, Apr. 1987, pp. 139-151.
7. Canadian System Security Centre, The Canadian Trusted Computer Product Evaluation Criteria, Version 2.0. Ottawa, Apr. 1992.
8. Canadian Bankers’ Association, MasterCard and Visa Statistics, Toronto, Dec. 1991.
9. L. Chung, “Representation and Utilization of Non-Functional Requirements for Information System Design.” In R. Anderson, J. A. Bubenko, Jr., A. Sølvberg (Eds.), Advanced Information Systems Eng., Proc, 3rd Int. Conf. CAiSE '91, Trondheim, Norway, May 13-15, 1991. Berlin: Springer-Verlag, 1991, pp. 5-30.
10. K. L. Chung, P. Katalagarianos, M. Marakakis, M. Mertikas, J. Mylopoulos and Y. Vassiliou, “From Information System Requirements to Designs: A Mapping Framework,” Information Systems, vol. 16, no. 4, 1991, pp. 429-461.
11. D. D. Clark and D. R. Wilson, “A Comparison of Commercial and Military Computer Security Policies,” Proc. IEEE Symp. Security and Privacy, 1987, pp. 184-194.
12. S. D. Crocker, “Software Methodology for Development of a Trusted BMS: Identification of Critical Problems,” 5th Annual Computer Security Appl. Conf., Tucson, Arizona, Dec. 4-8, 1989, pp. 148-165.
13. U. S. Department of Defense, Military Standard: Defense System Software Development, Feb. 29, 1988.
14. A. Dardenne, A. van Lamsweerde and S. Fickas, “Goal-directed Requirements Acquisition,” Science of Computer Programming, to appear; earlier version appeared in 6th Int. Workshop on Software Specification and Design, Como, Italy, 1991.
15. B. Di Vito, C. Garvey, D. Kwong, A. Murray, J. Solomon and A. Wu, “The Deductive Theory Manager: A Knowledge Based System for Formal Verification,” Proc. IEEE Symp. Security and Privacy, 1990, pp. 306-318.
16. E. B. Fernandez, E. Gudes and H. Song, “A Security Model for Object-Oriented Databases,” Proc. IEEE Symp. Security and Privacy, 1989, pp. 110-115.
17. S. Greenspan, Requirements Modeling: A Knowledge Representation Approach to Software Requirements Definition. Ph.D. Thesis, Dept. of Computer Science, Univ. of Toronto, 1984.
18. U. Hahn, M. Jarke and T. Rose, “Teamwork Support in a Knowledge-Based Information Systems Environment,” IEEE Trans. Software Eng., vol. 17, no. 5, May 1991, pp. 467-482
19. H. R. Hartson and D. K. Hsiao, “Full Protection Specification in the Semantic Model for Database Protection Languages,” Proc. ACM Annual Conf., Houston, TX, Oct. 1976, pp. 90-95.
20. German Information Security Agency, Criteria for the Evaluation of Trustworthiness of Information Technology (IT) Systems, 1st Version, Bundesanzeiger, Köln, Germany, 1989.
21. Office for Official Publications of the European Communities, Information Technology Security Evaluation Criteria, Provisional Harmonised Criteria, Version 1.2, June 1991, Luxembourg.
22. M. Jarke, J. Mylopoulos, J. W. Schmidt, Y. Vassiliou, “DAIDA: An Environment for Evolving Information Systems,” ACM Trans. Information Systems, vol. 10, no. 1, Jan. 1992, pp. 1-50.
23. M. Jarke (Ed.), ConceptBase V3.1 User Manual, 1992.
24. M. Jarke, J. Bubenko, C. Rolland, A. Sutcliffe and Y. Vassiliou, “Theories Underlying Requirements Engineering: An Overview of NATURE at Genesis,” IEEE Int. Symp. Requirements Eng., Jan. 1993, pp. 19-31.
25. E. S. Lee, P. I. P. Boulton, B. W. Thomson, and R. E. Soper, Composable Trusted Systems, Tech. Report CSRI-272, Computer Systems Research Institute, Univ. of Toronto, May 31, 1992.
26. J. Lee, A Decision Rationale Management System: Capturing, Reusing, and Managing the Reasons for Decisions, Ph.D. Thesis, MIT, 1992.
27. A. Marmor-Squires, B. Danner, J. McHugh, L. Nagy, D. Sterne, M. Branstad, and P. Rougeau, “A Risk Driven Process Model for the Development of Trusted Systems,” 5th Annual Computer Security Appl. Conf., Tucson, Arizona, Dec. 4-8, 1989, pp. 184-192.
28. N. S. Matloff, “Another Look at the Use of Noise Addition for Database Security,” Proc. IEEE Symp. Security and Privacy, 1986, pp. 173-180.
29. T. J. McCabe and G. G. Schulmeyer, “The Pareto Principle Applied to Software Quality Assurance,” In G. Gordon Schulmeyer and James I. McManus (Eds.), Handbook of Software Quality Assurance, New York: Van Nostrand Reinhold, 1987, pp. 178-210.
30. J. D. Moffett and M. S. Sloman, “The Source of Authority for Commercial Access Control,” IEEE Computer, vol. 21, no. 2, Feb. 1988, pp. 59-69.
31. J. Mylopoulos, A. Borgida, M. Jarke, and M. Koubarakis, “Telos: Representing Knowledge about Information Systems,” ACM Trans. Information Systems, vol. 8, Oct. 1990, pp. 325-362.
32. J. Mylopoulos, L. Chung and B. Nixon, “Representing and Using Non-Functional Requirements: A Process-Oriented Approach,” IEEE Trans. Software Eng., vol. 18, no. 6, June 1992, pp. 483-497.
33. P. G. Neumann, “On Hierarchical Designs of Computer Systems for Critical Applications,” IEEE Trans. Software Eng., SE-12, no. 9, Sept. 1986, pp. 905-920.
34. P. G. Neumann (compiler), “Illustrative Risks to the Public in the Use of Computer Systems and Related Technology,” ACM Software Eng. Notes, vol. 16, no. 1, Jan. 1991, pp. 2-9.
35. N. Nilsson, Problem-Solving Methods in Artificial Intelligence. New York, McGraw-Hill, 1971.
36. B. Nixon, “Dealing with Performance Requirements During the Development of Information Systems”, IEEE Int. Symp. Requirements Eng., Jan. 1993, pp. 42-49.
37. D. B. Parker, “The Many Faces of Data Vulnerability,” IEEE Spectrum, vol. 21, no. 5, May 1984, pp. 46-49.
38. D. B. Parker, “Restating the Foundation of Information Security,” 2nd Annual North American Information System Security Symp., Toronto, Oct. 21-23, 1991.
39. T. S. Perry and P. Wallich, “Can Computer Crime be Stopped?", IEEE Spectrum, Vol. 21, No. 5, May 1984, pp. 34-45.
40. C. P. Pfieeger, Security in Computing, Englewood Cliffs, NJ: Prentice Hall, 1989.
41. C. Potts and G. Bruns, “Recording the Reasons for Design Decisions,” Proc. 10th Int. Conf. Software Eng., 1988, pp. 418-427.
42. H. A. Simon, The Sciences of the Artificial, 2nd ed., Cambridge, MA: The MIT Press, 1981.
43. G. W. Smith, “Multilevel Secure Database Design: A Practical Application,” 5th Annual Computer Security Appl. Conf., Tucson, Arizona, Dec. 4-8, 1989, pp. 314- 321.
44. G. Steinke, “Design Aspects of Access Control in a Knowledge Base System,” SECURICOM '90, Paris, March, 1990.
45. U.S. Department of Defense, Trusted Computer Systems Evaluation Criteria, DOD 5200.28-STD, Dec. 1985.
46. F. G. Tompkins and R. Rice, “Integrating Security Activities Into the Software Development Life Cycle and the Software Quality Assurance Process,” Computers & Security, vol. 5, no. 3, Sept. 1986, pp. 218-242.
47. Y. Vassiliou, M. Marakakis, P. Katalagarianos, L. Chung, M. Mertikas and J. Mylopoulos, “IRIS - A Mapping Assistant for Generating Designs from Requirements.” In Proc, CAiSE '90, 2nd Nordic Conf. Advanced Information Systems Eng., Stockholm, May 1991. Berlin: Springer-Verlag, 1991, pp. 307-338.
48. Visa Canada Association, Visa Canada 1990 Regional Report, Toronto, 1990.
49. C. Wood, E. B. Fernandez and R. C. Summers, “Data Base Security: Requirements, Policies, and Models,” IBM Syst. J., vol. 19, no. 2, 1980, pp. 229-252.