Four dark corners of requirements engineering
ACM Transactions on Software Engineering and Methodology (TOSEM)
Hyper/J: multi-dimensional separation of concerns for Java
Proceedings of the 22nd international conference on Software engineering
Handling Obstacles in Goal-Oriented Requirements Engineering
IEEE Transactions on Software Engineering - special section on current trends in exception handling—part II
Composition patterns: an approach to designing reusable aspects
ICSE '01 Proceedings of the 23rd International Conference on Software Engineering
Building secure software: how to avoid security problems the right way
Building secure software: how to avoid security problems the right way
Security in Computing
Using WinWin Quality Requirements Management Tools: A Case Study
Annals of Software Engineering
Modularisation and composition of aspectual requirements
Proceedings of the 2nd international conference on Aspect-oriented software development
Aspect-Oriented Requirements Engineering for Component-Based Software Systems
RE '99 Proceedings of the 4th IEEE International Symposium on Requirements Engineering
Early Aspects: A Model for Aspect-Oriented Requirements Engineerin
RE '02 Proceedings of the 10th Anniversary IEEE Joint International Conference on Requirements Engineering
A Requirements-Driven Development Methodology
CAiSE '01 Proceedings of the 13th International Conference on Advanced Information Systems Engineering
Towards Modeling and Reasoning Support for Early-Phase Requirements Engineering
RE '97 Proceedings of the 3rd IEEE International Symposium on Requirements Engineering
Abuse-Case-Based Assurance Arguments
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Goal-Oriented Requirements Engineering: A Guided Tour
RE '01 Proceedings of the Fifth IEEE International Symposium on Requirements Engineering
Introducing Abuse Frames for Analysing Security Requirements
RE '03 Proceedings of the 11th IEEE International Conference on Requirements Engineering
Security and Privacy Requirements Analysis within a Social Setting
RE '03 Proceedings of the 11th IEEE International Conference on Requirements Engineering
Trust management tools for internet applications
iTrust'03 Proceedings of the 1st international conference on Trust management
A framework for security requirements engineering
Proceedings of the 2006 international workshop on Software engineering for secure systems
Analyzing crosscutting in the problem frames approach
Proceedings of the 2006 international workshop on Advances and applications of problem frames
Aspect-oriented specification of threat-driven security requirements
International Journal of Computer Applications in Technology
Aspect-oriented requirements engineering: a roadmap
Proceedings of the 13th international workshop on Early Aspects
SRRS: a recommendation system for security requirements
Proceedings of the 2008 international workshop on Recommendation systems for software engineering
Enforcing security for desktop clients using authority aspects
Proceedings of the 8th ACM international conference on Aspect-oriented software development
Later stages support for security requirements
The Fifth Richard Tapia Celebration of Diversity in Computing Conference: Intellect, Initiatives, Insight, and Innovations
A taxonomy of asymmetric requirements aspects
Proceedings of the 10th international conference on Early aspects: current challenges and future directions
Secure business process model specification through a UML 2.0 activity diagram profile
Decision Support Systems
Model-based security engineering with UML: introducing security aspects
FMCO'05 Proceedings of the 4th international conference on Formal Methods for Components and Objects
A requirement centric framework for information security evaluation
IWSEC'06 Proceedings of the 1st international conference on Security
| Hi-index | 0.00 |
It is generally accepted that early determination of the stakeholder requirements assists in the development of systems that better meet the needs of those stakeholders. General security requirements frustrate this goal because it is difficult to determine how they affect the functional requirements of the system.This paper illustrates how representing threats as crosscutting concerns aids in determining the effect of security requirements on the functional requirements. Assets (objects that have value in a system) are first enumerated, and then threats on these assets are listed. The points where assets and functional requirements join are examined to expose vulnerabilities to the threats. Security requirements, represented as constraints, are added to the functional requirements to reduce the scope of the vulnerabilities. These requirements are used during the analysis and specification process, thereby incorporating security concerns into the functional requirements of the system.