This paper presents a framework for security requirements elicitation and analysis, based upon the construction of a context for the system, representation of security requirements as constraints, and satisfaction arguments for the requirements in the system context. The system context is described using a problem-centered notation, then is validated against the security requirements through construction of a satisfaction argument. The satisfaction argument is in two parts: a formal argument that the system can meet its security requirements, and a structured informal argument supporting the assumptions expressed in the formal argument. The construction of the satisfaction argument may fail, revealing either that the security requirement cannot be satisfied in the context, or that the context does not contain sufficient information to develop the argument. In this case, designers and architects are asked to provide additional design information to resolve the problems. We evaluate the framework by applying it to a security requirements analysis within an air traffic control technology evaluation project.