论文信息 - An Evaluation of A-SQUARE for COTS Acquisition

An Evaluation of A-SQUARE for COTS Acquisition

Developed by the Software Engineering Institute (SEI) at Carnegie Mellon University, Software Quality Requirements Engineering for Acquisition (A-SQUARE) is a methodology used for eliciting and prioritizing security requirements as part of the acquisition process. In the project described in this paper, we evaluated the effectiveness of the A-SQUARE method by applying it to a COTS product for the advanced metering infrastructure of a smart grid. We evaluated the ability of the A-SQUARE method to identify security requirements for the COTS product; identify candidate COTS products; elicit, categorize, and prioritize security requirements; prioritize COTS products; and select a COTS product. We also evaluated the usability of the A-SQUARE tool using qualitative evaluation criteria. 404BCMU/SEI-2014-TN-003 | v

Nancy R. Mead | Sidhartha Mani

[1] Mario Piattini,et al. Applying a Security Requirements Engineering Process , 2006, ESORICS.

[2] Dirk Fox,et al. Open Web Application Security Project , 2006, Datenschutz und Datensicherheit - DuD.

[3] HaleyCharles,et al. Security Requirements Engineering , 2008 .

[4] M. Pursley. Report Documentation Page Form Approved Omb No. 0704-0188 Please Do Not Return Your Form to the above Address. 1. Report Date (dd-mm-yyyy) Final Technical Report Receiver Statistics for Cognitive Radios in Dynamic Spectrum Access Networks Onr , 2007 .

[5] Haralambos Mouratidis,et al. Modelling security and trust with Secure Tropos , 2006 .

[6] Arlene F. Minkiewicz. Security in a COTS-Based Software System , 2005 .

[7] Davor Svetinovic,et al. Evaluating the effectiveness of the security quality requirements engineering (SQUARE) method: a case study using smart grid advanced metering infrastructure , 2012, Requirements Engineering.

[8] M. Kochmann. Commercial off The Shelf ( COTS ) security issues and approaches , .

[9] F. Yuan,et al. SPONSORING / MONITORING AGENCY NAME(S) AND ADDRESS(ES) , 1999 .