Analysis and Component-based Realization of Security Requirements

We present a process to develop secure software with an extensive pattern-based security requirements engineering phase. It supports identifying and analyzing conflicts between different security requirements. In the design phase, we proceed by selecting security software components that achieve security requirements. The process enables software developers to systematically identify, analyze, and finally realize security requirements using security software components. We illustrate our approach with a lawyer agency software example.
