Secure Information Systems Engineering: Experiences and Lessons Learned from Two Health Care Projects

Authors:
Haralambos Mouratidis;Ali Sunyaev;Jan Jurjens
Affiliations:
School of Computing and Technology, University of East London, England;Institut fur Informatik, Technische Universitat Munchen, Germany;Computing Department, The Open University, Great Britain
Venue:
CAiSE '09 Proceedings of the 21st International Conference on Advanced Information Systems Engineering
Year:
2009

Citing 16
Cited 1

An object-oriented framework for model management and DSS development

Decision Support Systems
Software engineering for security: a roadmap

Proceedings of the Conference on The Future of Software Engineering
An agent-based approach for building complex software systems

Communications of the ACM
Agent-oriented software engineering: the state of the art

First international workshop, AOSE 2000 on Agent-oriented software engineering
Model driven security for process-oriented systems

Proceedings of the eighth ACM symposium on Access control models and technologies
Using Abuse Case Models for Security Requirements Analysis

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Modelling secure multiagent systems

AAMAS '03 Proceedings of the second international joint conference on Autonomous agents and multiagent systems
Modelling strategic relationships for process reengineering

Modelling strategic relationships for process reengineering
Tropos: An Agent-Oriented Software Development Methodology

Autonomous Agents and Multi-Agent Systems
Eliciting security requirements with misuse cases

Requirements Engineering
Viewing business-process security from different perspectives

International Journal of Electronic Commerce - Special issue: Developing the business components of the digital economy
Integrating Security and Software Engineering: Advances and Future Vision

Integrating Security and Software Engineering: Advances and Future Vision
Tools for secure systems development with UML

International Journal on Software Tools for Technology Transfer (STTT)
Constraint based role based access control in the SECTET-framework: A model-driven approach

Journal of Computer Security - Privacy, Security and Trust (PST) Technologies: Evolution and Challenges
Secure Systems Development with UML

Secure Systems Development with UML
Towards a comprehensive framework for secure systems development

CAiSE'06 Proceedings of the 18th international conference on Advanced Information Systems Engineering

Evaluation of the Pattern-based method for Secure Development (PbSD): A controlled experiment

Information and Software Technology

Quantified Score

Hi-index	0.00

Visualization

Abstract

In CAiSE 2006, we had presented a framework to support development of secure information systems. The framework was based on the integration of two security-aware approaches, the Secure Tropos methodology, which provides an approach for security requirements elicitation, and the UMLsec approach, which allows one to include the security requirements into design models and offers tools for security analysis. In this paper we reflect on the usage of this framework and we report our experiences of applying it to two different industrial case studies from the health care domain. However, due to lack of space we only describe in this paper one of the case studies. Our findings demonstrate that the support of the framework for the consideration of security issues from the early stages and throughout the development process can result in a substantial improvement in the security of the analysed systems.