Model Based Process to Support Security and Privacy Requirements Engineering

Authors:
Haralambos Mouratidis;Christos Kalloniatis;Shareeful Islam;Aleksandar Hudic;Lorenz Zechner
Affiliations:
University of East London, UK;University of the Aegean, Greece;University of East London, UK;SBA Research gGmbH, Austria;SBA Research gGmbH, Austria
Venue:
International Journal of Secure Software Engineering
Year:
2012

Citing 11
Cited 2

Handling Obstacles in Goal-Oriented Requirements Engineering

IEEE Transactions on Software Engineering - special section on current trends in exception handling—part II
Enterprise Knowledge Management and Conceptual Modelling

Selected Papers from the Symposium on Conceptual Modeling, Current Issues and Future Directions
Security and Privacy Requirements Analysis within a Social Setting

RE '03 Proceedings of the 11th IEEE International Conference on Requirements Engineering
Privacy risk models for designing privacy-sensitive ubiquitous computing systems

DIS '04 Proceedings of the 5th conference on Designing interactive systems: processes, practices, methods, and techniques
A framework for security requirements engineering

Proceedings of the 2006 international workshop on Software engineering for secure systems
Integrating Security and Software Engineering: Advances and Future Vision

Integrating Security and Software Engineering: Advances and Future Vision
Addressing privacy requirements in system design: the PriS method

Requirements Engineering
Evaluating existing security and privacy requirements for legal compliance

Requirements Engineering - Special Issue on RE'09: Security Requirements Engineering; Guest Editors: Eric Dubois and Haralambos Mouratidis
Eliciting security requirements and tracing them to design: an integration of Common Criteria, heuristics, and UMLsec

Requirements Engineering - Special Issue on RE'09: Security Requirements Engineering; Guest Editors: Eric Dubois and Haralambos Mouratidis
A framework to support alignment of secure software engineering with legal regulations

Software and Systems Modeling (SoSyM)
Modelling Security Using Trust Based Concepts

International Journal of Secure Software Engineering

A framework to support selection of cloud providers based on security and privacy requirements

Journal of Systems and Software
Towards the design of secure and privacy-oriented information systems in the cloud: Identifying the major concepts

Computer Standards & Interfaces

Quantified Score

Hi-index	0.00

Visualization

Abstract

Software systems are becoming more complex, interconnected and liable to adopt continuous change and evolution. It's necessary to develop appropriate methods and techniques to ensure security and privacy of such systems. Research efforts that aim to ensure security and privacy of software systems are distinguished through two main categories: 1 the development of requirements engineering methods, and 2 implementation techniques. Approaches that fall in the first category usually aim to address either security or privacy in an implicit way, with emphasis on the security aspects by developing methods to elicit and analyse security and privacy requirements. Works that fall in the latter categories focus specifically on the later stages of the development process irrespective of the organisational context in which the system will be incorporated. This work introduces a model-based process for security and privacy requirements engineering. In particular, the authors' work includes activities which support to identify and analyse security and privacy requirements for the software system. Their purpose process combines concepts from two well-known requirements engineering methods, Secure Tropos and PriS. A real case study from the EU project E-vote, i.e., an Internet based voting system, is employed to demonstrate the applicability of the approach.