The internet worm program: an analysis
ACM SIGCOMM Computer Communication Review
Software engineering for security: a roadmap
Proceedings of the Conference on The Future of Software Engineering
Security Engineering: A Guide to Building Dependable Distributed Systems
Security Engineering: A Guide to Building Dependable Distributed Systems
Requirements Engineering: Processes and Techniques
Requirements Engineering: Processes and Techniques
Security in Computing
Using Abuse Case Models for Security Requirements Analysis
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Security and Privacy Requirements Analysis within a Social Setting
RE '03 Proceedings of the 11th IEEE International Conference on Requirements Engineering
Deriving security requirements from crosscutting threat descriptions
Proceedings of the 3rd international conference on Aspect-oriented software development
Elaborating Security Requirements by Construction of Intentional Anti-Models
Proceedings of the 26th International Conference on Software Engineering
Applying Security Design Analysis to a service-based system: Research Articles
Software—Practice & Experience - Grid Security
Using trust assumptions with security requirements
Requirements Engineering
Integrating security and systems engineering: towards the modelling of secure information systems
CAiSE'03 Proceedings of the 15th international conference on Advanced information systems engineering
Introduction to software engineering for secure systems: SESS06 -- secure by design
Proceedings of the 2006 international workshop on Software engineering for secure systems
Editorial: Model-Driven Development for secure information systems
Information and Software Technology
Modeling and analysis of security trade-offs - A goal oriented approach
Data & Knowledge Engineering
Refining and reasoning about nonfunctional requirements
Proceedings of the 47th Annual Southeast Regional Conference
On lightweight mobile phone application certification
Proceedings of the 16th ACM conference on Computer and communications security
Reusable security use cases for mobile grid environments
IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
KES '09 Proceedings of the 13th International Conference on Knowledge-Based and Intelligent Information and Engineering Systems: Part II
Monitoring and Diagnosing Malicious Attacks with Autonomic Software
ER '09 Proceedings of the 28th International Conference on Conceptual Modeling
Applying a UML Extension to Build Use Cases Diagrams in a Secure Mobile Grid Application
ER '09 Proceedings of the ER 2009 Workshops (CoMoL, ETheCoM, FP-UML, MOST-ONISW, QoIS, RIGiM, SeCoGIS) on Advances in Conceptual Modeling - Challenging Perspectives
Analysis of Secure Mobile Grid Systems: A systematic approach
Information and Software Technology
A goal oriented approach for modeling and analyzing security trade-offs
ER'07 Proceedings of the 26th international conference on Conceptual modeling
Extracting security control requirements
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Controlling security of software development with multi-agent system
KES'10 Proceedings of the 14th international conference on Knowledge-based and intelligent information and engineering systems: Part IV
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Security services architecture for Secure Mobile Grid Systems
Journal of Systems Architecture: the EUROMICRO Journal
A decade of model-driven security
Proceedings of the 16th ACM symposium on Access control models and technologies
Model Based Process to Support Security and Privacy Requirements Engineering
International Journal of Secure Software Engineering
| Hi-index | 0.00 |
This paper presents a framework for security requirements elicitation and analysis, based upon the construction of a context for the system and satisfaction arguments for the security of the system. One starts with enumeration of security goals based on assets in the system. These goals are used to derive security requirements in the form of constraints. The system context is described using a problem-centered notation, then this context is validated against the security requirements through construction of a satisfaction argument. The satisfaction argument is in two parts: a formal argument that the system can meet its security requirements, and a structured informal argument supporting the assumptions expressed in the formal argument. The construction of the satisfaction argument may fail, revealing either that the security requirement cannot be satisfied in the context, or that the context does not contain sufficient information to develop the argument. In this case, designers and architects are asked to provide additional design information to resolve the problems.