A Systematic Framework for Structured Object Oriented Security Requirements Analysis
Authors
Abstract
There are several approaches to elicit, analyze and specify security requirements, ranging from formal mathematical models for proving certain security properties to informal methods that are easily understood. The applicability of formal security models is limited because they are complex and time-consuming to develop. On the other hand, informal security requirements analysis methods are not integrated with conceptual models in requirements analysis, and they provide no process for analyzing both internal and external threats in a structured manner. This paper discusses a structured object-oriented security requirements analysis methodology for the elicitation and analysis of security requirements. It is capable of hierarchically identifying, level by level, both external and internal threats posed by both external and internal actors of a system. It is illustrated and validated by security requirements analysis for an online banking system and an advanced power grid control system.
Similar resources
Tropos: A Framework for Requirements-Driven Software Development
Traditionally, software development techniques have been implementation-driven in the sense that the programming paradigm of the day dictated the design and requirements analysis techniques used. For example, structured programming led to structured analysis and design techniques in the ‘70s. More recently, object-oriented programming gave rise to object-oriented analysis and design. In this ch...
Key Issues of a Formally Based Process Model for Security Engineering
In this paper we outline a new process model for security engineering. This process model extends object oriented, use case oriented software development by systematic security requirements elicitation and realization. In particular, we integrate the modeling of security requirements, threat and risk analysis on the one hand with the modeling of business processes, use cases and the constructio...
A systematic review of security requirements engineering
One of the most important aspects in the achievement of secure software systems in the software development process is what is known as Security Requirements Engineering. However, very few reviews focus on this theme in a systematic, thorough and unbiased manner, that is, none of them perform a systematic review of security requirements engineering, and there is not, there...
A customer oriented systematic framework to extract business strategy in Indian electricity services
Competition in the electric service industry is highlighting the importance of a number of issues affecting the nature and quality of customer service. The quality of service(s) provided to electricity customers may be enhanced by competition, if doing so offers service suppliers a competitive advantage. On the other hand, service quality offered to some consumers could decline if utilities foc...
Towards a Systematic Development of Secure Systems
In this paper we outline a new process model for security engineering. This process model extends object oriented, use case driven software development by the systematic treatment of security related issues. We introduce the notion of security aspects describing security relevant requirements and measures at a certain level of abstraction. We define a micro-process for security analysis support...