Eliciting Security Requirements Method Based on Safety Knowledge Base

Cited by: 0
Authors
Yu, Xiaofei [1 ]
Li, Xiaohong [1 ]
Mang, Qianqian [1 ]
Affiliations
[1] Tianjin Univ, Sch Comp Sci & Technol, Tianjin 300072, Peoples R China
Keywords
Security Requirements; Asset; Threat; Security Functional Component; Common Criteria;
DOI
Not available
Chinese Library Classification
TP [Automation technology, computer technology];
Subject classification code
0812 ;
Abstract
With the development of software technology, software security is receiving more and more attention. Security requirements elicitation is a key stage in the process of software development. In the present research, we propose a method to elicit security requirements that is developed based on a safety knowledge base. In the method, we perform analysis based on the asset, threat and Common Criteria security functional components. Then, we summarize the relationship among the three. Based on this, we establish a safety knowledge base. Starting from the functional requirements of the application system, the system assets are analyzed and matched automatically based on the established safety knowledge base, and finally we elicit the security requirements. The approach is very effective for the purpose of security requirement analysis, and elicits security requirements easily and efficiently. It will be very helpful for secure software development.
Pages: 109 - 121
Number of pages: 13
Related papers
50 in total
  • [11] Eliciting Usable Security Requirements with Misusability Cases
    Faily, Shamal
    Flechais, Ivan
    2011 19TH IEEE INTERNATIONAL REQUIREMENTS ENGINEERING CONFERENCE (RE), 2011, : 339 - 340
  • [12] Eliciting Ethicality Requirements Using the Ontology-Based Requirements Engineering Method
    Guizzardi, Renata
    Amaral, Glenda
    Guizzardi, Giancarlo
    Mylopoulos, John
    ENTERPRISE, BUSINESS-PROCESS AND INFORMATION SYSTEMS MODELING, 2022, 450 : 221 - 236
  • [13] A Pre-Evaluation Method for Rail Transit Safety Based on a Safety Knowledge Base
    Sheng F.
    An X.
    Lin H.
    Zeng X.
    Hu N.
    Li D.
    Bao J.
    Tongji Daxue Xuebao/Journal of Tongji University, 2024, 52 (02): : 184 - 191
  • [14] Eliciting Software Safety Requirements in Complex Systems
    Menon, Catherine
    Kelly, Tim
    2010 IEEE INTERNATIONAL SYSTEMS CONFERENCE, 2010, : 616 - 621
  • [15] A Dynamic Deployment Method of Security Services Based on Malicious Behavior Knowledge Base
    Guo, Qi
    Li, Man
    Wang, Weilin
    Liu, Ying
    SENSORS, 2022, 22 (22)
  • [16] A Serious Game for Eliciting Social Engineering Security Requirements
    Beckers, Kristian
    Pape, Sebastian
    2016 IEEE 24TH INTERNATIONAL REQUIREMENTS ENGINEERING CONFERENCE (RE), 2016, : 16 - 25
  • [17] Eliciting Security Requirements for Business Processes of Legacy Systems
    Argyropoulos, Nikolaos
    Marquez Alcaniz, Luis
    Mouratidis, Haralambos
    Fish, Andrew
    Rosado, David G.
    Garcia-Rodriguez de Guzman, Ignacio
    Fernandez-Medina, Eduardo
    PRACTICE OF ENTERPRISE MODELING, POEM 2015, 2015, 235 : 91 - 107
  • [18] A Semantic Knowledge Base Construction Method for Information Security
    Yao, Yuangang
    Ma, Xiaoyu
    Liu, Hui
    Yi, Jin
    Zhao, Xianghui
    Liu, Lin
    2014 IEEE 13TH INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM), 2014, : 803 - 808
  • [19] A System for Seamless Support from Security Requirements Analysis to Security Design Using a Software Security Knowledge Base
    Hazeyama, Atsuo
    Miyahara, Hikaru
    Tanaka, Takafumi
    Washizaki, Hironori
    Kaiya, Haruhiko
    Okubo, Takao
    Yoshioka, Nobukazu
    2019 IEEE 27TH INTERNATIONAL REQUIREMENTS ENGINEERING CONFERENCE WORKSHOPS (REW 2019), 2019, : 134 - 140
  • [20] A Simulation-Based Method for Eliciting Requirements of Online CIB Systems
    Carneiro da Silva, Alexandre Parra
    Hirata, Celso Massaki
    WEB INFORMATION SYSTEMS AND TECHNOLOGIES, WEBIST 2012, 2013, 140 : 34 - 52