A common criteria based security requirements engineering process for the development of secure information systems

Authors:
Daniel Mellado;Eduardo Fernández-Medina;Mario Piattini
Affiliations:
Information Technology Center of the National Social Security Institute, Ministry of Labour and Social Affair, Madrid, Spain;ALARCOS Research Group, Information Systems and Technologies Department, UCLM-Soluziona Research and Development Institute, University of Castilla-La Mancha, Paseo de la Universidad 4, 13071 Ciuda ...;ALARCOS Research Group, Information Systems and Technologies Department, UCLM-Soluziona Research and Development Institute, University of Castilla-La Mancha, Paseo de la Universidad 4, 13071 Ciuda ...
Venue:
Computer Standards & Interfaces
Year:
2007

Citing 10
Cited 19

The unified software development process

The unified software development process
Weaving Together Requirements and Architectures

Computer
Requirements Classification and Reuse: Crossing Domain Boundaries

ICSR-6 Proceedings of the 6th International Conerence on Software Reuse: Advances in Software Reusability
Cybersecurity

Proceedings of the 25th International Conference on Software Engineering
Using Abuse Case Models for Security Requirements Analysis

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
A CC-based Security Engineering Process Evaluation Model

COMPSAC '03 Proceedings of the 27th Annual International Conference on Computer Software and Applications
Security-Critical System Development with Extended Use Cases

APSEC '03 Proceedings of the Tenth Asia-Pacific Software Engineering Conference Software Engineering Conference
Security quality requirements engineering (SQUARE) methodology

SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Using a security requirements engineering methodology in practice: The compliance with the Italian data protection legislation

Computer Standards & Interfaces
A comparative study of proposals for establishing security requirements for the development of secure information systems

ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part III

Towards security requirements management for software product lines: A security domain requirements engineering process

Computer Standards & Interfaces
On lightweight mobile phone application certification

Proceedings of the 16th ACM conference on Computer and communications security
Analysis of Secure Mobile Grid Systems: A systematic approach

Information and Software Technology
A systematic review of security requirements engineering

Computer Standards & Interfaces
A Personal Data Audit Method through Requirements Engineering

Computer Standards & Interfaces
Reusing security requirements using an extended quality model

Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems
A meta-model for usable secure requirements engineering

Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems
Security requirements engineering framework for software product lines

Information and Software Technology
A comparison of software design security metrics

Proceedings of the Fourth European Conference on Software Architecture: Companion Volume
Controlling security of software development with multi-agent system

KES'10 Proceedings of the 14th international conference on Knowledge-based and intelligent information and engineering systems: Part IV
Idea: simulation based security requirement verification for transaction level models

ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Identification of security requirements in systems of systems by functional security analysis

Architecting dependable systems VII
A conceptual meta-model for secured information systems

Proceedings of the 7th International Workshop on Software Engineering for Secure Systems
A framework to support alignment of secure software engineering with legal regulations

Software and Systems Modeling (SoSyM)
Applying a security requirements engineering process

ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Requirements engineering tools: Capabilities, survey and assessment

Information and Software Technology
Survey and analysis on Security Requirements Engineering

Computers and Electrical Engineering
Security and reliability requirements for advanced security event management

MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
A framework to support selection of cloud providers based on security and privacy requirements

Journal of Systems and Software

Quantified Score

Hi-index	0.00

Visualization

Abstract

In order to develop security critical Information Systems, specifying security quality requirements is vitally important, although it is a very difficult task. Fortunately, there are several security standards, like the Common Criteria (ISO/IEC 15408), which help us handle security requirements. This article will present a Common Criteria centred and reuse-based process that deals with security requirements at the early stages of software development in a systematic and intuitive way, by providing a security resources repository as well as integrating the Common Criteria into the software lifecycle, so that it unifies the concepts of requirements engineering and security engineering.