Security issues for software systems ultimately concern relationships among social actors - stakeholders, system users, potential attackers - and the software acting on their behalf. This paper proposes a methodological framework for dealing with security and privacy requirements based on i*, an agent-oriented requirements modeling language. The framework supports a set of analysis techniques. In particular, attacker analysis helps identify potential system abusers and their malicious intents. Dependency vulnerability analysis helps detect vulnerabilities in terms of organizational relationships among stakeholders. Countermeasure analysis supports the dynamic decision-making process of defensive system players in addressing vulnerabilities and threats. Finally, access control analysis bridges the gap between security requirement models and security implementation models. The framework is illustrated with an example involving security and privacy concerns in the design of agent-based health information systems. In addition, we discuss model evaluation techniques, including qualitative goal model analysis and property verification techniques based on model checking.