Applying a security requirements engineering process

Authors:
Daniel Mellado;Eduardo Fernández-Medina;Mario Piattini
Affiliations:
Information Technology Center of the National Social Security Institute, Ministry of Labour and Social Affairs, Madrid, Spain;Alarcos Research Group, Information Systems and Technologies Department, UCLM-Soluziona Research and Development Institute, University of Castilla-La Mancha, Ciudad Real, Spain;Alarcos Research Group, Information Systems and Technologies Department, UCLM-Soluziona Research and Development Institute, University of Castilla-La Mancha, Ciudad Real, Spain
Venue:
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Year:
2006

Citing 10
Cited 4

The unified software development process

The unified software development process
Requirements Engineering: Processes and Techniques

Requirements Engineering: Processes and Techniques
Developing an enterprise information security policy

SIGUCCS '02 Proceedings of the 30th annual ACM SIGUCCS conference on User services
Using Abuse Case Models for Security Requirements Analysis

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Towards Modeling and Reasoning Support for Early-Phase Requirements Engineering

RE '97 Proceedings of the 3rd IEEE International Symposium on Requirements Engineering
Security-Critical System Development with Extended Use Cases

APSEC '03 Proceedings of the Tenth Asia-Pacific Software Engineering Conference Software Engineering Conference
A common criteria based security requirements engineering process for the development of secure information systems

Computer Standards & Interfaces
Using a security requirements engineering methodology in practice: The compliance with the Italian data protection legislation

Computer Standards & Interfaces
Automatic translation form requirements model into use cases modeling on UML

ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part III
A comparative study of proposals for establishing security requirements for the development of secure information systems

ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part III

A Model-Driven Approach for the Specification and Analysis of Access Control Policies

OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
On lightweight mobile phone application certification

Proceedings of the 16th ACM conference on Computer and communications security
Common criteria compliant software development (CC-CASD)

Proceedings of the 28th Annual ACM Symposium on Applied Computing
Adaptable, model-driven security engineering for SaaS cloud-based applications

Automated Software Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

Nowadays, security solutions are mainly focused on providing security defences, instead of solving one of the main reasons for security problems that refers to an appropriate Information Systems (IS) design. In fact, requirements engineering often neglects enough attention to security concerns. In this paper it will be presented a case study of our proposal, called SREP (Security Requirements Engineering Process), which is a standard-centred process and a reuse-based approach which deals with the security requirements at the earlier stages of software development in a systematic and intuitive way by providing a security resources repository and by integrating the Common Criteria into the software development lifecycle. In brief, a case study is shown in this paper demonstrating how the security requirements for a security critical IS can be obtained in a guided and systematic way by applying SREP.