Eliciting Security Requirements Method Based on Safety Knowledge Base

Cited by: 0
Authors
Yu, Xiaofei [1]
Li, Xiaohong [1]
Mang, Qianqian [1]
Affiliation
[1] Tianjin Univ, Sch Comp Sci & Technol, Tianjin 300072, Peoples R China
Keywords
Security Requirements; Asset; Threat; Security Functional Component; Common Criteria;
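DOI
Not available
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract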
With the development of software technology, software security is receiving more and more attention. Security requirement is a key stage in the process of software development. In the present research, we propose a method to elicit security requirements that is developed based on a safety knowledge base. In the method, we perform analysis based on the asset, threat and Common Criteria security function components. Then, we summarize the relationship of the three. Based on this, we establish a safety knowledge base. Starting from the functional requirements of the application system, the system assets will be analyzed and matched automatically based on the established safety knowledge base, and finally we elicit the security requirements. The approach is very effective for the purpose of security requirement analysis, and elicits security requirements easily and efficiently. It will be very helpful for security software development.
Pages: 109 - 121
Number of pages: 13
Related papers
50 in total
  • [31] Eliciting Security Requirements from the Business Processes Using Security Risk-Oriented Patterns
    Matulevicius, Raimundas
    Ahmed, Naved
    IT-INFORMATION TECHNOLOGY, 2013, 55 (06): : 225 - 230
  • [32] FESR: A Framework for Eliciting Security Requirements based on Integration of Common Criteria and Weakness Detection Formal Model
    Li, Hongbo
    Li, Xiaohong
    Hao, Jianye
    Xu, Guangquan
    Feng, Zhiyong
    Xie, Xiaofei
    2017 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE QUALITY, RELIABILITY AND SECURITY (QRS), 2017, : 352 - 363
  • [33] A method to generate traverse paths for eliciting missing requirements
    Nakatani, Takako
    Goto, Hideo
    Nakamura, Taichi
    Shigo, Osamu
    PROCEEDINGS OF THE AUSTRALASIAN COMPUTER SCIENCE WEEK MULTICONFERENCE (ACSW 2019), 2019,
  • [34] REQUIREMENTS FOR STANDARDS IN KNOWLEDGE BASE SYSTEMS
    ATTARDI, G
    LECTURE NOTES IN COMPUTER SCIENCE, 1990, 429 : 194 - 194
  • [35] Knowledge Base for an Intelligent System in order to Identify Security Requirements for Government Agencies Software Projects
    Adan, Beltran G.
    Cristhian, Lombana C.
    Mario, Calvo L.
    Sonia, Ordonez S.
    Yaneth, Caviativa C.
    Jairo, Garces
    20TH INTERNATIONAL CONFERENCE ON CIRCUITS, SYSTEMS, COMMUNICATIONS AND COMPUTERS (CSCC 2016), 2016, 76
  • [36] Towards a Semantic Web-enabled Knowledge Base to Elicit Security Requirements for Misuse Cases
    Hu, Haibo
    Yang, Dan
    Xiang, Hong
    Fu, Li
    Ye, Chunxiao
    Li, Ren
    WOSIS 2011: SECURITY IN INFORMATION SYSTEMS, 2011, : 103 - 112
  • [37] A method for eliciting, preserving, and sharing the knowledge of forecasters
    Hoffman, Robert R.
    Coffey, John W.
    Ford, Kenneth M.
    Novak, Joseph D.
    WEATHER AND FORECASTING, 2006, 21 (03) : 416 - 428
  • [38] The method of Constructing Chinese Knowledge Base based on open source English Knowledge Base
    He, Zhonghe
    Gong, Yunbao
    Gan, Liang
    Chou, Xiaohui
    PROCEEDINGS OF THE 2016 INTERNATIONAL CONFERENCE ON ECONOMICS, SOCIAL SCIENCE, ARTS, EDUCATION AND MANAGEMENT ENGINEERING (ESSAEME), 2016, 71 : 549 - 552
  • [39] Eliciting tacit knowledge from spoken discourse about requirements analysis
    Zappavigna-Lee, Michele
    Patrick, Jon
    ORGANISATIONAL CHALLENGES FOR KNOWLEDGE MANAGEMENT, 2005, : 143 - 160
  • [40] Measuring IT security - A method based on common criteria's security functional requirements
    Hunstad, A
    Hallberg, J
    Andersson, R
    PROCEEDINGS FROM THE FIFTH IEEE SYSTEMS, MAN AND CYBERNETICS INFORMATION ASSURANCE WORKSHOP, 2004, : 226 - 233