Analyzing and Specifying Reusable Security Requirements

2003

Abstract

A system cannot have high assurance if it has poor security, and thus, requirements for high assurance systems will logically include security requirements as well as availability, reliability, and robustness requirements. Unlike typical functional requirements, security requirements can potentially be highly reusable, especially if specified as instances of reusable templates.
