Security requirements elicitation via weaving scenarios based on security evaluation criteria

被引:0
|
作者
Itoga, Hiroya [1 ]
Ohnishi, Atsushi [1 ]
机构
[1] Ritsumeikan Univ, Dept Comp Sci, Shiga 5258577, Japan
来源
USIC 2007: PROCEEDINGS OF THE SEVENTH INTERNATIONAL CONFERENCE ON QUALITY SOFTWARE | 2007年
关键词
requirements elicitation; security requirements; scenario analysis; aspect-oriented software development;
D O I
暂无
中图分类号
TP31 [计算机软件];
学科分类号
081202 ; 0835 ;
摘要
Software is required to comply with the laws and standards of software security. However, stakeholders with less concern regarding security can neither describe the behaviour of the system with regard to security nor validate the system's behaviour when the security function conflicts with usability. Scenarios or use-case specifications are common in requirements elicitation and are useful to analyse the usability of the system from a behavioural point of view. In this paper, the authors propose a method to weave scenario fragments based on security evaluation criteria into scenarios. The experiments showed that the weaving method led to a better scenario than the method involving writing or modifying the scenario with reference to security evaluation criteria.
引用
收藏
页码:70 / 79
页数:10
相关论文
共 50 条
  • [1] Security Requirements Elicitation Using Method Weaving and Common Criteria
    Saeki, Motoshi
    Kaiya, Haruhiko
    [J]. MODELS IN SOFTWARE ENGINEERING, 2009, 5421 : 185 - +
  • [2] A Security Ontology for Security Requirements Elicitation
    Souag, Amina
    Salinesi, Camille
    Mazo, Raul
    Comyn-Wattiau, Isabelle
    [J]. ENGINEERING SECURE SOFTWARE AND SYSTEMS (ESSOS 2015), 2015, 8978 : 157 - 175
  • [3] Security Requirements Elicitation and Modeling Authorizations
    Goel, Rajat
    Govil, Mahesh Chandra
    Singh, Girdhari
    [J]. SECURITY IN COMPUTING AND COMMUNICATIONS, SSCC 2016, 2016, 625 : 239 - 250
  • [4] Problem-based Elicitation of Security Requirements The ProCOR Method
    Wirtz, Roman
    Heisel, Maritta
    Meis, Rene
    Omerovic, Aida
    Stolen, Ketil
    [J]. PROCEEDINGS OF THE 13TH INTERNATIONAL CONFERENCE ON EVALUATION OF NOVEL APPROACHES TO SOFTWARE ENGINEERING, 2018, : 26 - 38
  • [5] Argumentation-Based Security Requirements Elicitation: The Next Round
    Ionita, Dan
    Bullee, Jan-Willem
    Wieringa, Roel J.
    [J]. 2014 IEEE 1ST WORKSHOP ON EVOLVING SECURITY AND PRIVACY REQUIREMENTS ENGINEERING (ESPRE), 2014, : 7 - 12
  • [6] Problem-Based Security Requirements Elicitation and Refinement with PresSuRE
    Fassbender, Stephan
    Heisel, Maritta
    Meis, Rene
    [J]. SOFTWARE TECHNOLOGIES, ICSOFT 2014, 2015, 555 : 311 - 330
  • [7] An Ontology Based Collaborative Recommender System for Security Requirements Elicitation
    Williams, Imano
    [J]. 2018 IEEE 26TH INTERNATIONAL REQUIREMENTS ENGINEERING CONFERENCE (RE 2018), 2018, : 448 - 453
  • [8] Measuring IT security - A method based on common criteria's security functional requirements
    Hunstad, A
    Hallberg, J
    Andersson, R
    [J]. PROCEEDINGS FROM THE FIFTH IEEE SYSTEMS, MAN AND CYBERNETICS INFORMATION ASSURANCE WORKSHOP, 2004, : 226 - 233
  • [9] Requirements Elicitation and Derivation of Security Policy Templates
    Rudolph, Manuel
    Feth, Denis
    Doerr, Joerg
    Spilker, Joerg
    [J]. 2016 IEEE 24TH INTERNATIONAL REQUIREMENTS ENGINEERING CONFERENCE (RE), 2016, : 283 - 292
  • [10] Security Requirements Elicitation and Assessment Mechanism (SecREAM)
    Goel, Rajat
    Govil, M. C.
    Singh, Girdhari
    [J]. 2015 INTERNATIONAL CONFERENCE ON ADVANCES IN COMPUTING, COMMUNICATIONS AND INFORMATICS (ICACCI), 2015, : 1862 - 1866
12345