Security Requirements Engineering: A Framework for Representation and Analysis
@article{Haley2008SecurityRE,
  title={Security Requirements Engineering: A Framework for Representation and Analysis},
  author={Charles B. Haley and Robin C. Laney and J. Moffett and B. Nuseibeh},
  journal={IEEE Transactions on Software Engineering},
  year={2008},
  volume={34},
  pages={133-153}
}
This paper presents a framework for security requirements elicitation and analysis. The framework is based on constructing a context for the system, representing security requirements as constraints, and developing satisfaction arguments for the security requirements. The system context is described using a problem-oriented notation, then is validated against the security requirements through construction of a satisfaction argument. The satisfaction argument consists of two parts: a formal…
423 Citations
FESR: A Framework for Eliciting Security Requirements Based on Integration of Common Criteria and Weakness Detection Formal Model
- Engineering, Computer Science
- 2017 IEEE International Conference on Software Quality, Reliability and Security (QRS)
- 2017
- 3
A Model for Structuring and Reusing Security Requirements Sources and Security Requirements
- Computer Science, Engineering
- REFSQ Workshops
- 2015
- 9
A model based security requirements engineering framework applied for online trading system
- Computer Science
- 2011 International Conference on Recent Trends in Information Technology (ICRTIT)
- 2011
- 13
A comparison of security requirements engineering methods
- Engineering, Computer Science
- Requirements Engineering
- 2009
- 219
Aligning Security Requirements and Security Assurance Using the Common Criteria
- Engineering, Computer Science
- 2010 Fourth International Conference on Secure Software Integration and Reliability Improvement
- 2010
- 12
Argumentation-Based Security Requirements Analysis: BitMessage Case Study
- Computer Science
- 2014 IEEE International Conference on Internet of Things(iThings), and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom)
- 2014
- 1
- Highly Influenced
Eliciting security requirements and tracing them to design: an integration of Common Criteria, heuristics, and UMLsec
- Engineering, Computer Science
- Requirements Engineering
- 2009
- 125
References
SHOWING 1-10 OF 119 REFERENCES
Elaborating security requirements by construction of intentional anti-models
- Engineering, Computer Science
- Proceedings. 26th International Conference on Software Engineering
- 2004
- 452
Arguing security: validating security requirements using structured argumentation
- Computer Science
- 2005
- 60
Modeling security requirements through ownership, permission and delegation
- Computer Science
- 13th IEEE International Conference on Requirements Engineering (RE'05)
- 2005
- 247
Deriving security requirements from crosscutting threat descriptions
- Computer Science
- AOSD '04
- 2004
- 105
Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems
- Computer Science
- CAiSE
- 2003
- 149