Security Requirements Engineering: A Framework for Representation and Analysis

  • Charles B. Haley, Robin C. Laney, J. Moffett, B. Nuseibeh
  • Published 2008
  • Computer Science
  • IEEE Transactions on Software Engineering
  • This paper presents a framework for security requirements elicitation and analysis. The framework is based on constructing a context for the system, representing security requirements as constraints, and developing satisfaction arguments for the security requirements. The system context is described using a problem-oriented notation, then is validated against the security requirements through construction of a satisfaction argument. The satisfaction argument consists of two parts: a formal…
    423 Citations
    • 6
    FESR: A Framework for Eliciting Security Requirements Based on Integration of Common Criteria and Weakness Detection Formal Model
    • 3
    A Model for Structuring and Reusing Security Requirements Sources and Security Requirements
    • 9
    A model based security requirements engineering framework applied for online trading system
    • P. Salini, S. Kanmani
    • Computer Science
    • 2011 International Conference on Recent Trends in Information Technology (ICRTIT)
    • 2011
    • 13
    A Framework for Security Requirements Elicitation
    • 2
    • Highly Influenced
    Supporting Common Criteria Security Analysis with Problem Frames
    • 5
    A comparison of security requirements engineering methods
    • 219
    Aligning Security Requirements and Security Assurance Using the Common Criteria
    • 12
    Argumentation-Based Security Requirements Analysis: BitMessage Case Study
    • A. Kovacs, Ioannis Karakatsanis, D. Svetinovic
    • Computer Science
    • 2014 IEEE International Conference on Internet of Things (iThings), and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom)
    • 2014
    • 1
    • Highly Influenced
    Eliciting security requirements and tracing them to design: an integration of Common Criteria, heuristics, and UMLsec
    • 125


    A framework for security requirements engineering
    • 170
    Elaborating security requirements by construction of intentional anti-models
    • A. V. Lamsweerde
    • Engineering, Computer Science
    • Proceedings. 26th International Conference on Software Engineering
    • 2004
    • 452
    Core Security Requirements Artefacts
    • 62
    Arguing Satisfaction of Security Requirements
    • 30
    Arguing security: validating security requirements using structured argumentation
    • 60
    Modeling security requirements through ownership, permission and delegation
    • 247
    Deriving security requirements from crosscutting threat descriptions
    • 105
    Building secure software: how to avoid security problems the right way
    • 463
    Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems
    • 149
    Using trust assumptions with security requirements
    • 54