Goal-Based Requirement Engineering for Fault Tolerant Security- Critical Systems
作者: Davoud Mougouei
DOI: 10.14257/IJSEIA.2013.7.5.01
关键词:
摘要: Large amount of security faults existing in software systems could be complex and hard to identify during the fault analysis. Therefore, it is not always possible fully mitigate internal or external (vulnerabilities threats) within system. On other hand, existence system may eventually lead a failure. To avoid failure target required make flexible tolerant presence faults. This paper proposes goal-based modeling approach develop requirements Security-Critical Systems (SCSs) through explicitly factoring into requirement engineering process. Our establishes Security Requirement Model (SRM) based on its respective Fault (SFM). We incorporate tolerance SRM considering partial satisfaction goals. The proposed factors this partiality goals by using proper mitigation techniques refinement contributes model for
sersc.org 参考文章(28)
Joni Da Silva Fraga, David Rodney Powell, A fault- and intrusion- tolerant file system ,(1985)
Kenneth S. Edge, Richard A. Raines, A framework for analyzing and mitigating the vulnerabilities of complex systems via attack and protection trees A framework for analyzing and mitigating the vulnerabilities of complex systems via attack and protection trees. pp. 219- 219 ,(2007)
Paulo Esteves Veríssimo, Nuno Ferreira Neves, Miguel Pupo Correia, Intrusion-tolerant architectures: concepts and design Lecture Notes in Computer Science. pp. 3- 36 ,(2003) , 10.1007/3-540-45177-3_1
Betty H. C. Cheng, Pete Sawyer, Nelly Bencomo, Jon Whittle, A Goal-Based Modeling Approach to Develop Requirements of an Adaptive System with Environmental Uncertainty model driven engineering languages and systems. pp. 468- 483 ,(2009) , 10.1007/978-3-642-04425-0_36
Axel van Lamsweerde, Building Formal Requirements Models for Reliable Software international conference on reliable software technologies. pp. 1- 20 ,(2001) , 10.1007/3-540-45136-6_1
Alexander Romanovsky, Cristina Gacek, Rogério de Lemos, Architecting Dependable Systems ,(2003)
Jie Wang, Raphael C.-W. Phan, John N. Whitley, David J. Parish, Augmented Attack Tree Modeling of Distributed Denial of Services and Tree Based Attack Detection Method computer and information technology. pp. 1009- 1014 ,(2010) , 10.1109/CIT.2010.185
Kenneth Edge, George Dalton, Richard Raines, Robert Mills, Using Attack and Protection Trees to Analyze Threats and Defenses to Homeland Security military communications conference. pp. 953- 959 ,(2006) , 10.1109/MILCOM.2006.302512
Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Julio Lopez, Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms ieee symposium on security and privacy. pp. 523- 537 ,(2012) , 10.1109/SP.2012.38
Massimo Ficco, Massimiliano Rak, Intrusion Tolerance in Cloud Applications: The mOSAIC Approach 2012 Sixth International Conference on Complex, Intelligent, and Software Intensive Systems. pp. 170- 176 ,(2012) , 10.1109/CISIS.2012.202