Core Security Requirements Artefacts
作者: Jonathan D Moffett , Charles B Haley , Bashar Nuseibeh
DOI:
关键词:
摘要: Although security requirements engineering has recently attracted increasing attention, it lacked a context in which to operate. A number of papers have described how may be violated, but apart from few hints the general literature, none satisfactorily what are. This paper proposes framework core artefacts, unifies concepts two disciplines and engineering. From takes concept functional goals, are operationalised into requirements, with appropriate constraints. assets, together threats harm those assets. Security goals aim protect threats, take form constraints on requirements. In addition we explore consequences fact that is concerned protection while computers only provide interfaces. We show specify relationship between specification software behaviour, using Jackson's Problem Frames approach.
moffett.me.uk 参考文章(45)
Bruce Schneier, Secrets and Lies Wiley-VCH. ,(2004)
James P. Anderson, Computer Security Technology Planning Study ,(1972)
Elizabeth D. Zwicky, D. Brent Chapman, Deborah Russell, Building Internet Firewalls ,(1995)
Kevin D. Mitnick, William L. Simon, The Art of Deception: Controlling the Human Element of Security John Wiley & Sons, Inc.. ,(2001)
Michael Jackson, Problem Frames: Analyzing and Structuring Software Development Problems ,(2000)
Gerald Kotonya, Ian Sommerville, Requirements Engineering: Processes and Techniques Wiley Publishing. ,(1998)
Hector Garcia-Molina, Jennifer Widom, Jeffrey D. Ullman, Database Systems: The Complete Book ,(2001)
Constance Heitmeyer, Applying Practical Formal Methods to the Specification and Analysis of Security Properties mathematical methods models and architectures for network security systems. pp. 84- 89 ,(2001) , 10.1007/3-540-45116-1_11
Haralambos Mouratidis, Paolo Giorgini, Gordon Manson, Integrating security and systems engineering: towards the modelling of secure information systems conference on advanced information systems engineering. pp. 63- 78 ,(2003) , 10.1007/3-540-45017-3_7