Evaluation of a Security and Privacy Requirements Methodology Using the Physics of Notation

被引：0

作者：

Diamantopoulou, Vasiliki ^{[1
]}

Pavlidis, Michalis ^{[1
]}

Mouratidis, Haralambos ^{[1
]}

机构：

[1] Univ Brighton, Sch Comp Engn & Math, Brighton, E Sussex, England

来源：

COMPUTER SECURITY, 2017 | 2018年 / 10683卷

关键词：

Security requirements engineering; Privacy requirements engineering; Physics of Notation; Evaluation; FRAMEWORK; DIAGRAM; MODELS; WORDS;

D O I：

10.1007/978-3-319-72817-9_14

中图分类号：

TP301 [理论、方法];

学科分类号：

081202 ;

摘要：

Security and Privacy Requirements Methodologies are considered an important part of the development process of systems, especially for the ones that contain and process a large amount of critical information and inevitably needs to remain secure and thus, ensuring privacy. These methodologies provide techniques, methods, and norms for tackling security and privacy issues in Information Systems. In this process, the utilisation of effective, clear and understandable modelling languages with sufficient notation is of utmost importance, since the produced models are used not only among IT experts or among security specialists, but also for communication among various stakeholders, in business environments or among novices in an academic environment. This paper evaluates the effectiveness of a Security and Privacy Requirements Engineering methodology, namely Secure Tropos on the nine principles of the Theory of Notation. Our qualitative analysis revealed a partial satisfaction of these principles.

引用

页码：210 / 225

页数：16

共 50 条

[31] Evaluating existing security and privacy requirements for legal compliance
Massey, Aaron K.
Otto, Paul N.
Hayward, Lauren J.
Anton, Annie I.
[J]. REQUIREMENTS ENGINEERING, 2010, 15 (01) : 119 - 137
[32] Requirements Engineering for Security, Privacy and Services in Cloud Environments
Gritzalis, Stefanos
Liu, Lin
[J]. REQUIREMENTS ENGINEERING, 2013, 18 (04) : 297 - 298
[33] Security and Privacy Requirements Engineering for Human Centric IoT Systems using eFRIEND and Isabelle
Kammuller, Florian
Augusto, Juan C.
Jones, Simon
[J]. 2017 IEEE/ACIS 15TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING RESEARCH, MANAGEMENT AND APPLICATIONS (SERA), 2017, : 401 - 406
[34] Which Security Requirements Engineering Methodology Should I Choose? Towards a Requirements Engineering-based Evaluation Approach
Bulusu, Sravani Teja
Laborde, Romain
Wazan, Ahmad Samer
Barrere, Francois
Benzekri, Abdelmalek
[J]. PROCEEDINGS OF THE 12TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY (ARES 2017), 2017,
[35] Privacy preserving mechanisms for enforcing security and privacy requirements in E-health solutions
Pussewalage, Harsha S. Gardiyawasam
Oleshchuk, Vladimir A.
[J]. INTERNATIONAL JOURNAL OF INFORMATION MANAGEMENT, 2016, 36 (06) : 1161 - 1173
[36] An evaluation methodology for the security of cryptosystems
Laabidi, Selma
Robisson, Bruno
Agoyan, Michel
[J]. PRIME: 2008 PHD RESEARCH IN MICROELECTRONICS AND ELECTRONICS, PROCEEDINGS, 2008, : 113 - 115
[37] Using a security requirements engineering methodology in practice: The compliance with the Italian data protection legislation
Massacci, F
Prest, M
Zannone, N
[J]. COMPUTER STANDARDS & INTERFACES, 2005, 27 (05) : 445 - 455
[38] Security and privacy of EHR systems - Ethical, social and legal requirements
Kluge, EHW
[J]. ADVANCED HEALTH TELEMATICS AND TELEMEDICINE: THE MAGDEBURG EXPERT SUMMIT TEXTBOOK, 2003, 96 : 121 - 127
[39] Configuring Data Flows in the Internet of Things for Security and Privacy Requirements
Logrippo, Luigi
Stambouli, Abdelouadoud
[J]. FOUNDATIONS AND PRACTICE OF SECURITY, FPS 2018, 2019, 11358 : 115 - 130
[40] STORE: Security Threat Oriented Requirements Engineering Methodology
Ansari, Md Tarique Jamal
Pandey, Dhirendra
Alenezi, Mamdouh
[J]. JOURNAL OF KING SAUD UNIVERSITY-COMPUTER AND INFORMATION SCIENCES, 2022, 34 (02) : 191 - 203

← 1 2 3 4 5 →