Securing the Skies: In Requirements We Trust

The authors describe their experiences applying a security requirements analysis to an air traffic control project using a framework that offers different forms of structured argumentation. In deploying the framework, they also learned several lessons about security requirements.

[1]  Ian F. Alexander,et al.  Misuse Cases: Use Cases with Hostile Intent , 2003, IEEE Softw..

[2]  Constance L. Heitmeyer Applying Practical Formal Methods to the Specification and Analysis of Security Properties , 2001, MMM-ACNS.

[3]  John Mylopoulos,et al.  Security and privacy requirements analysis within a social setting , 2003, Proceedings. 11th IEEE International Requirements Engineering Conference, 2003..

[4]  John P. McDermott,et al.  Using abuse case models for security requirements analysis , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[5]  Donald Firesmith,et al.  Common Concepts Underlying Safety, Security, and Survivability Engineering , 2003 .

[6]  Donald MacKenzie,et al.  Mechanizing Proof: Computing, Risk, and Trust , 2001 .

[7]  Bashar Nuseibeh,et al.  On modelling access policies: relating roles to their organisational context , 2005, 13th IEEE International Conference on Requirements Engineering (RE'05).

[8]  Bashar Nuseibeh,et al.  Security requirements engineering: when anti-requirements hit the fan , 2002, Proceedings IEEE Joint International Conference on Requirements Engineering.

[9]  Thomas Peltier,et al.  Information Security Risk Analysis: A Pedagogic Model Based on a Teaching Hospital , 2006 .

[10]  Martin Glinz,et al.  On Non-Functional Requirements , 2007, 15th IEEE International Requirements Engineering Conference (RE 2007).

[11]  Premkumar T. Devanbu,et al.  Software engineering for security: a roadmap , 2000, ICSE '00.

[12]  Bashar Nuseibeh,et al.  Security Requirements Engineering: A Framework for Representation and Analysis , 2008, IEEE Transactions on Software Engineering.

[13]  Michael A. Jackson,et al.  Problem Frames - Analysing and Structuring Software Development Problems , 2000 .

[14]  Ken Frazer,et al.  Building secure software: how to avoid security problems the right way , 2002, SOEN.

[15]  Nancy R. Mead,et al.  Security quality requirements engineering (SQUARE) methodology , 2005, SESS@ICSE.

[16]  John A. McDermid,et al.  A model for a causal logic for requirements engineering , 2005, Requirements Engineering.

[17]  Martin Gilje Jaatun,et al.  Security Requirements for the Rest of Us: A Survey , 2008, IEEE Software.

[18]  Andreas L. Opdahl,et al.  Eliciting security requirements with misuse cases , 2004, Requirements Engineering.

[19]  Jeannette M. Wing A symbiotic relationship between formal methods and security , 1998, Proceedings Computer Security, Dependability, and Assurance: From Needs to Solutions (Cat. No.98EX358).

[20]  Frank Swiderski,et al.  Threat Modeling , 2018, Hacking Connected Cars.

[21]  Axel van Lamsweerde,et al.  Elaborating security requirements by construction of intentional anti-models , 2004, Proceedings. 26th International Conference on Software Engineering.

[22]  John Mylopoulos,et al.  Modeling security requirements through ownership, permission and delegation , 2005, 13th IEEE International Conference on Requirements Engineering (RE'05).

[23]  Paul Jones,et al.  Secrets and Lies: Digital Security in a Networked World , 2002 .

[24]  Ross J. Anderson How to cheat at the lottery (or, massively parallel requirements engineering) , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[25]  Bashar Nuseibeh,et al.  Weaving Together Requirements and Architectures , 2001, Computer.

[26]  Bashar Nuseibeh,et al.  Requirements engineering: a roadmap , 2000, ICSE '00.

[27]  Axel van Lamsweerde,et al.  Reasoning about confidentiality at requirements engineering time , 2005, ESEC/FSE-13.

[28]  原田 秀逸 私の computer 環境 , 1998 .