Security Requirements Engineering

This paper presents a framework for security requirements elicitation and analysis, based upon the construction of a context for the system, representation of security requirements as constraints, ...

[1]  John P. McDermott,et al.  Using abuse case models for security requirements analysis , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[2]  David D. Clark,et al.  A Comparison of Commercial and Military Computer Security Policies , 1987, 1987 IEEE Symposium on Security and Privacy.

[3]  Len LaPadula,et al.  Secure Computer Systems: A Mathematical Model , 1996 .

[4]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[5]  Jonathan D. Moffett Requirements and Policies , 1999 .

[6]  Annie I. Antón,et al.  The role of policy and stakeholder privacy values in requirements engineering , 2001, Proceedings Fifth IEEE International Symposium on Requirements Engineering.

[7]  Ravi S. Sandhu,et al.  Conceptual foundations for a model of task-based authorizations , 1994, Proceedings The Computer Security Foundations Workshop VII.

[8]  Leonard J. LaPadula,et al.  MITRE technical report 2547, volume II , 1996 .

[9]  Ravi S. Sandhu,et al.  Lattice-based models for controlled sharing of confidential information in the Saudi Hajj system , 1997, Proceedings 13th Annual Computer Security Applications Conference.

[10]  Lawrence Chung,et al.  Dealing with Security Requirements During the Development of Information Systems , 1993, CAiSE.

[11]  A. Antón,et al.  Strategies for Developing Policies and Requirements for Secure Electronic Commerce Systems , 2000 .

[12]  Axel van Lamsweerde,et al.  Handling Obstacles in Goal-Oriented Requirements Engineering , 2000, IEEE Trans. Software Eng..