Security Requirements Engineering through Iterative Intrusion-Aware Design
Author
Abstract
Fundamental to the Survivable Network Analysis (SNA) method, developed at the SEI [2], is the use of intrusion scenarios to improve the survivability of system designs. This position statement describes some relevant insights gained from applying SNA to several significant real-world systems. These insights help understand what is needed to use intrusion scenarios for security requirements engineering in a spiral-type, intrusion-aware development process. Specifically, I describe a scalable organization technique for intrusion scenarios that ameliorates some of the problems that we’ve encountered. I conclude with several key obstacles to using intrusion scenarios for security requirements engineering.
Similar resources
Capturing and Documentation of Decisions in Security Requirements Engineering through Heuristics
Security of software systems is critical to business because detected security flaws such as the loss of sensitive information or damages can decrease revenue significantly [8]. One reason for security problems is the lack of security awareness in software development. If software engineers are not aware of security concerns as early as in requirements engineering, they cannot appropriately add...
EIDA: An Energy-Intrusion aware Data Aggregation Technique for Wireless Sensor Networks
Energy consumption is considered as a critical issue in wireless sensor networks (WSNs). Batteries of sensor nodes have limited power supply which in turn limits services and applications that can be supported by them. An efficient solution to improve energy consumption and even traffic in WSNs is Data Aggregation (DA) that can reduce the number of transmissions. Two main challenges for DA are: (i)...
Engineering Self-protection for Autonomous Systems
Security violations occur in systems even if security design is carried out or security tools are deployed. Social engineering attacks, vulnerabilities that can not be captured in the relatively abstract design model (as buffer-overflows), or unclear security requirements are only some examples of such unpredictable or unexpected vulnerabilities. One of the aims of autonomous systems is to reac...
A semantic-aware role-based access control model for pervasive computing environments
Access control in open and dynamic Pervasive Computing Environments (PCEs) is a very complex mechanism and encompasses various new requirements. In fact, in such environments, context information should be used in access control decision process; however, it is not applicable to gather all context information completely and accurately all the time. Thus, a suitable access control model for PCEs...
Towards a Risk-Based Security Requirements Engineering Framework
Information Systems (IS), particularly e-business systems, are required to be more secure in order to resist the increasing number of attacks. Security is no longer just a desirable quality of IT systems, but is required for compliance with international regulations. The Requirements Engineering (RE) community has started to make successful contributions in the domain of security engineering. ...
Publication date: 2001