Systematic development of UMLsec design models based on security requirements
FASE'11/ETAPS'11 Proceedings of the 14th international conference on Fundamental approaches to software engineering: part of the joint European conferences on theory and practice of software
ESSoS'12 Proceedings of the 4th international conference on Engineering Secure Software and Systems
Value-based argumentation for justifying compliance
Artificial Intelligence and Law - Special issue on Deontic Logic and Normative Systems
Proceedings of the Second International Conference on Computational Science, Engineering and Information Technology
Security and reliability requirements for advanced security event management
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
Engineering access control policies for provenance-aware systems
Proceedings of the third ACM conference on Data and application security and privacy
Threat and Risk-Driven Security Requirements Engineering
International Journal of Mobile Computing and Multimedia Communications
Comparing risk identification techniques for safety and security requirements
Journal of Systems and Software
Common criteria compliant software development (CC-CASD)
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Value-based argumentation for designing and auditing security measures
Ethics and Information Technology
Secure Tropos framework for software product lines requirements engineering
Computer Standards & Interfaces
This paper presents a conceptual framework for security engineering, with a strong focus on security requirements elicitation and analysis. This conceptual framework establishes a clear-cut vocabulary and makes explicit the interrelations between the different concepts and notions used in security engineering. Further, we apply our conceptual framework to compare and evaluate current security requirements engineering approaches, such as the Common Criteria, Secure Tropos, SREP, MSRA, as well as methods based on UML and problem frames. We review these methods and assess them according to different criteria, such as the general approach and scope of the method, its validation, and quality assurance capabilities. Finally, we discuss how these methods are related to the conceptual framework and to one another.