论文信息 - Engineering secure software by modelling privacy and security requirements

Engineering secure software by modelling privacy and security requirements

Requirements are individual statements, usually expressed in a form of natural language, specifying the behaviour and constraints of a proposed system. Due to the intrinsic value of correct requirements, it is therefore essential for the process to be implemented correctly and that the requirements themselves reflect the true needs of the proposed system. The majority of developed systems introduce the concerns of privacy and security, however, traditional requirements engineering techniques have not addressed these issues appropriately. Further, the concepts of privacy, security, and the interrelated concept of trust, have not been accurately defined in terms of requirements engineering. Natural language is shown to be the most prevalent form of knowledge used to represent requirements, however, natural language introduces a number of inherent problems which can lead to ambiguity and specifications open to interpretation. When reasoning with privacy and security concerns the resulting specification should be both clear and concise in the stipulation of requirements. Therefore, before attempting to model privacy and security at the requirements engineering level, it is essential to have an understanding and appreciation of the issues involved. Consideration is given to the various concerns that would effect methodology development and once assessed a possible approach to modelling privacy and security requirements is highlighted.

M.N. Kreeger | I. Duncan | I. Duncan | M. N. Kreeger

[1] Ian Sommerville,et al. Requirements Engineering: Processes and Techniques , 1998 .

[2] Hans van Vliet,et al. Software engineering - principles and practice , 1993 .

[3] Gwm Matthias Rauterberg,et al. Moderation Instead of Modelling: Some Remarks about Formal and Informal Reengineering Methods , 1996 .

[4] Bertrand Meyer,et al. On Formalism in Specifications , 1985, IEEE Software.

[5] Simone Fischer-Hübner,et al. IT-Security and Privacy , 2001, Lecture Notes in Computer Science.

[6] Pierre Flener,et al. Specifications are necessarily informal or: Some more myths of formal methods , 1998, J. Syst. Softw..

[7] Ishbel Duncan,et al. Visualising Privacy and Security for Requirements Engineering , 2004, Software Engineering Research and Practice.

[8] Jonathan P. Bowen,et al. Seven More Myths of Formal Methods , 1995, IEEE Softw..

[9] Kate Finney,et al. Mathematical Notation in Formal Specification: Too Difficult for the Masses? , 1996, IEEE Trans. Software Eng..

[10] Barry W. Boehm,et al. Software Engineering Economics , 1993, IEEE Transactions on Software Engineering.

[11] S. Fischer-Hübner. IT-Security and Privacy: Design and Use of Privacy-Enhancing Security Mechanisms , 2001 .

[12] Premkumar T. Devanbu,et al. Software engineering for security: a roadmap , 2000, ICSE '00.

[13] David Harel,et al. On visual formalisms , 1988, CACM.