Security Requirements Elicitation Using Method Weaving and Common Criteria

Authors:
Motoshi Saeki;Haruhiko Kaiya
Affiliations:
Dept. of Computer Science, Tokyo Institute of Technology, Tokyo, Japan 152-8552;Dept. of Computer Science, Shinshu University, Nagano, Japan 380-8553
Venue:
Models in Software Engineering
Year:
2009

Citing 9
Cited 1

Weaving Together Requirements and Architectures

Computer
Using Abuse Case Models for Security Requirements Analysis

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Security and Privacy Requirements Analysis within a Social Setting

RE '03 Proceedings of the 11th IEEE International Conference on Requirements Engineering
Elaborating Security Requirements by Construction of Intentional Anti-Models

Proceedings of the 26th International Conference on Software Engineering
Eliciting security requirements with misuse cases

Requirements Engineering
Matching attack patterns to security vulnerabilities in software-intensive system designs

SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
An Analysis of the Security Patterns Landscape

SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
Security Requirements Engineering: A Framework for Representation and Analysis

IEEE Transactions on Software Engineering
Security ontology for annotating resources

OTM'05 Proceedings of the 2005 OTM Confederated international conference on On the Move to Meaningful Internet Systems: CoopIS, COA, and ODBASE - Volume Part II

A proposal on security case based on common criteria

ICT-EurAsia'13 Proceedings of the 2013 international conference on Information and Communication Technology

Quantified Score

Hi-index	0.00

Visualization

Abstract

The elicitation of security requirements (SRs) is a crucial issue to develop secure information systems of high quality. Although we have several requirements elicitation methods, most of them do not provide sufficient supports to identify security threats, security objectives and security functions. Security functions are closely related to architectural design of the information system, i.e. solution space, and knowledge from the solution space is necessary to elicit appropriate SRs of higher quality. This paper proposes the usage of Common Criteria and related knowledge sources to identify SRs from functional requirements through eliciting threats and security objectives. Our proposed technique is to weave through Common Criteria two types of elicitation methods; one is any existing functional requirements elicitation method and the other is a typical method for eliciting security functional requirements so that we can have a powerful method.