This paper presents an aspect-oriented approach to integrated specification of functional and security requirements based on use-case-driven software development. It relies on explicit identification of security threats and threat mitigations. We first identify security threats with respect to use-case-based functional requirements in terms of security goals and STRIDE categories. Then, we suggest threat mitigations for preventing or reducing security threats. To capture the crosscutting nature of threats and mitigations, we specify them as aspects that encapsulate pointcuts and advice. This provides a structured way of separating functional and security concerns and of analysing the interaction between them.