RUPSec: Extending Business Modeling and Requirements Disciplines of RUP for Developing Secure Systems

Authors:
Pooya Jaferian;Golnaz Elahi;Mohammad Reza Ayatollahzadeh Shirazi;Babak Sadeghian
Affiliations:
Department of Computer Engineering and Information Technology Amirkabir University of Technology Tehran, Iran;Department of Computer Engineering and Information Technology Amirkabir University of Technology Tehran, Iran;Department of Computer Engineering and Information Technology Amirkabir University of Technology Tehran, Iran;Department of Computer Engineering and Information Technology Amirkabir University of Technology Tehran, Iran
Venue:
EUROMICRO '05 Proceedings of the 31st EUROMICRO Conference on Software Engineering and Advanced Applications
Year:
2005

Citing 9
Cited 2

Practical software metrics for project management and process improvement

Practical software metrics for project management and process improvement
Dealing with non-functional requirements: three experimental studies of a process-oriented approach

Proceedings of the 17th international conference on Software engineering
Software engineering for security: a roadmap

Proceedings of the Conference on The Future of Software Engineering
Evaluation of modeling techniques for agent-based systems

Proceedings of the fifth international conference on Autonomous agents
Security Engineering: A Guide to Building Dependable Distributed Systems

Security Engineering: A Guide to Building Dependable Distributed Systems
Model driven security for process-oriented systems

Proceedings of the eighth ACM symposium on Access control models and technologies
Using Abuse Case Models for Security Requirements Analysis

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
The Rational Unified Process: An Introduction

The Rational Unified Process: An Introduction
Security-Critical System Development with Extended Use Cases

APSEC '03 Proceedings of the Tenth Asia-Pacific Software Engineering Conference Software Engineering Conference

RUP-based process model for security requirements engineering in value-added service development

IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
A product line enhanced unified process

SPW/ProSim'06 Proceedings of the 2006 international conference on Software Process Simulation and Modeling

Quantified Score

Hi-index	0.00

Visualization

Abstract

Nowadays, one of the main challenges facing computer systems is increasing attacks and security threats against them. Therefore, capturing, analyzing, designing, developing and testing of security requirements have became an important issue in development of security-critical computing systems, such as banking, military and ecommerce systems. For developing every system, a process model is chosen. The Rational Unified Process (RUP) is one of the most popular and complete process models which has been used by developers in recent years. Our study and analysis has shown that RUP should be extended for developing security-critical systems. In this paper, we report our work on extending Business Modeling and Requirements disciplines of RUP for developing secure systems. We call this extended version of RUP as RUPSec. The proposed extensions in RUPSec are adding and integrating a number of Activities, Roles, and Artifacts to RUP in order to capture, document and model threats and security requirements.