Towards transformation guidelines from secure tropos to misuse cases (position paper)

Authors:
Naved Ahmed;Raimundas Matulevičius
Affiliations:
University of Tartu, Tartu, Estonia;University of Tartu, Tartu, Estonia
Venue:
Proceedings of the 7th International Workshop on Software Engineering for Secure Systems
Year:
2011

Citing 15
Cited 1

Requirements and Specification Exemplars

Automated Software Engineering
Towards requirements-driven information systems engineering: the Tropos project

Information Systems - The 13th international conference on advanced information systems engineering (CAiSE*01)
Deriving Use Cases from Organizational Modeling

RE '02 Proceedings of the 10th Anniversary IEEE Joint International Conference on Requirements Engineering
Tropos: An Agent-Oriented Software Development Methodology

Autonomous Agents and Multi-Agent Systems
Elaborating Security Requirements by Construction of Intentional Anti-Models

Proceedings of the 26th International Conference on Software Engineering
Eliciting security requirements with misuse cases

Requirements Engineering
Modeling Security Requirements Through Ownership, Permission and Delegation

RE '05 Proceedings of the 13th IEEE International Conference on Requirements Engineering
Integrating software specifications into intrusion detection

International Journal of Information Security
Security Requirements Engineering: A Framework for Representation and Analysis

IEEE Transactions on Software Engineering
Alignment of Misuse Cases with Security Risk Management

ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development

CAiSE '08 Proceedings of the 20th international conference on Advanced Information Systems Engineering
A goal oriented approach for modeling and analyzing security trade-offs

ER'07 Proceedings of the 26th international conference on Conceptual modeling
Secure Systems Development with UML

Secure Systems Development with UML
Towards Model Transformation between SecureUML and UMLsec for Role-based Access Control

Proceedings of the 2011 conference on Databases and Information Systems VI: Selected Papers from the Ninth International Baltic Conference, DB&IS 2010
Towards a comprehensive framework for secure systems development

CAiSE'06 Proceedings of the 18th international conference on Advanced Information Systems Engineering

Seventh international workshop on software engineering for secure systems (SESS 2011)

Proceedings of the 33rd International Conference on Software Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

(IS) requires that the security concerns should be properly articulated well ahead in early requirement engineering (RE) along with other functional and non-functional requirements. In this paper, based on the domain model for IS security risk management (SRM) we propose a set of transformation guidelines to translate Secure Tropos models to the misuse case diagrams. We believe that such a model translation would help developers to elicit real security needs by integrating the security analysis starting from early requirement stages to all the stages of development process. The translation aligns the IS security concerns with functional requirements and maintains traceability of the security decisions to their origin.