Security involves technical as well as social challenges. In the development of security-critical applications, system developers must consider both the technical and the social parts. To achieve this, security issues must be considered during the whole development life-cycle of an information system. This paper presents an approach that allows developers to consider both the social and the technical dimensions of security through a structured and well-defined process. In particular, the proposed approach takes the high-level concepts and modelling activities of the secure Tropos methodology and enriches them with a low-level security-engineering ontology and models derived from the UMLsec approach. A real case study from the e-commerce sector is employed to demonstrate the applicability of the approach.