Caring for security at requirements engineering time is a message that has finally received some attention recently. However, it is not yet very clear how to achieve this systematically through the various stages of the requirements engineering process. The paper presents a constructive approach to the modeling, specification and analysis of application-specific security requirements. The method is based on a goal-oriented framework for generating and resolving obstacles to goal satisfaction. The extended framework addresses malicious obstacles (called anti-goals) set up by attackers to threaten security goals. Threat trees are built systematically through anti-goal refinement until leaf nodes are derived that are either software vulnerabilities observable by the attacker or anti-requirements implementable by this attacker. New security requirements are then obtained as countermeasures by application of threat resolution operators to the specification of the anti-requirements and vulnerabilities revealed by the analysis. The paper also introduces formal epistemic specification constructs and patterns that may be used to support a formal derivation and analysis process. The method is illustrated on a web-based banking system for which subtle attacks have been reported recently.