论文信息 - Towards usable cyber security requirements

Towards usable cyber security requirements

Security has become a primary and prevalent concern for software systems. The past decade has witnessed a tremendous increase in not only the sheer number of attacks but also the ease with which attacks can be performed on systems. In this paper we exemplify the usage of a novel technique for developing security requirements, by demonstrating each step in the technique when applied to an example usage scenario. Furthermore, this new technique also provides support for deriving testing artifacts from the specified security requirements. We believe that in order to protect a system against harm (intended or not), attention must be given to its requirements. Similar to other system properties and quality attributes, security must be considered at the requirements.

[1] Julia H. Allen,et al. Governing for Enterprise Security , 2005 .

[2] N. Hallberg,et al. The Usage-Centric Security Requirements Engineering (USeR) Method , 2006, 2006 IEEE Information Assurance Workshop.

[3] M. Eltoweissy,et al. Goal-Oriented, B-Based Formal Derivation of Security Design Specifications from Security Requirements , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[4] John Viega. Building security requirements with CLASP , 2005, SOEN.

[5] Martyn Fletcher,et al. Applying Security Design Analysis to a service‐based system , 2005, Softw. Pract. Exp..

[6] Ivar Jacobson,et al. Object-oriented software engineering - a use case driven approach , 1993, TOOLS.