A framework for security requirements engineering
Proceedings of the 2006 international workshop on Software engineering for secure systems
SRRS: a recommendation system for security requirements
Proceedings of the 2008 international workshop on Recommendation systems for software engineering
XRound: A reversible template language and its application in model-based security analysis
Information and Software Technology
Towards usable cyber security requirements
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
Information modeling for automated risk analysis
CMS'06 Proceedings of the 10th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
| Hi-index | 0.00 |
Risk analysis is the only effective way of making value judgments about the need for security. Established analysis methods apply to whole operational systems, taking a necessarily holistic view of security, but this makes them difficult to integrate into the design process for service-based applications, where design and implementation are independent of operational deployment. However, the most costly mistakes occur early in the development lifecycle, and effective security can be difficult to retrofit, motivating the need for early security analysis. This paper describes SeDAn (Security Design Analysis), a security risk analysis framework that is adapted for use in the design phase of service-based systems, and its application to a significant Grid-based project (Distributed Aircraft Maintenance Environment—DAME). The complete lifecycle of the risk analysis is described, and the effectiveness of the process in identifying design defects validates both the need for, and the effectiveness of, this type of analysis. Copyright © 2005 John Wiley & Sons, Ltd.