The elicitation of security requirements (SRs) is crucial to developing secure, high-quality information systems. Although several requirements elicitation methods exist, most of them do not provide sufficient support for identifying security threats, security objectives, and security functions. Security functions are closely related to the architectural design of the information system, i.e., the solution space, and knowledge from the solution space is necessary to elicit appropriate SRs of higher quality. This paper proposes using Common Criteria and related knowledge sources to identify SRs from functional requirements by eliciting threats and security objectives. The proposed technique weaves two types of elicitation methods together through Common Criteria: one is any existing functional requirements elicitation method, and the other is a typical method for eliciting security functional requirements, yielding a powerful combined method.