Research Article

Security Requirements Engineering – A Strategic Approach

by  Chandrabose A, Dr Alagarsamy K
journal cover
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 13 - Issue 3
Published: January 2011
Authors: Chandrabose A, Dr Alagarsamy K
10.5120/1760-2410
PDF

Chandrabose A, Dr Alagarsamy K . Security Requirements Engineering – A Strategic Approach. International Journal of Computer Applications. 13, 3 (January 2011), 25-32. DOI=10.5120/1760-2410 

                        @article{ 10.5120/1760-2410,
                        author  = { Chandrabose A,Dr Alagarsamy K },
                        title   = { Security Requirements Engineering – A Strategic Approach },
                        journal = { International Journal of Computer Applications },
                        year    = { 2011 },
                        volume  = { 13 },
                        number  = { 3 },
                        pages   = { 25-32 },
                        doi     = { 10.5120/1760-2410 },
                        publisher = { Foundation of Computer Science (FCS), NY, USA }
                        }
                        %0 Journal Article
                        %D 2011
                        %A Chandrabose A
                        %A Dr Alagarsamy K
                        %T Security Requirements Engineering – A Strategic Approach%T 
                        %J International Journal of Computer Applications
                        %V 13
                        %N 3
                        %P 25-32
                        %R 10.5120/1760-2410
                        %I Foundation of Computer Science (FCS), NY, USA
Abstract

Although security requirements engineering has recently attracted increasing attention, it has lacked a context in which to operate. A number of papers have described how security requirements may be violated, but apart from a few hints in the general literature, none have described satisfactorily what security requirements are.

References
  • Baskerville, R. (1993). "Information Systems Security Design Methods: Implications for Information Systems Development." ACM Computing Surveys 25(4): 375-414.
  • Lee, Y., J. Lee, et al. (2002). "Integrating Software Lifecycle Process Standards with Seurity Engineering." Computers & Security 21(4): 345-355.
  • Heitmeyer, C. (2001). Applying `Practical' Formal Methods to the Specification and Analysis of Security Properties. Information Assurance in Computer Networks (MMM-ACNS 2001), St. Petersburg, Russia, Springer-Verlag.
  • McDermott, J. and C. Fox (1999). Using Abuse Case Models for Security Requirements Analysis. Annual Computer Security Applications Conference, Phoenix, Arizona.
  • Sindre, G. and A. L. Opdahl (2000). Eliciting Security Requirements by Misuse Cases. 37th International Conference on Technology of Object-Oriented Languages and Systems (TOOLS-PACIFIC 2000), IEEE Computer Society Press.
  • Alexander, I. (2002). "Misuse Cases in Systems Engineering." Computing and Control Engineering Journal 13(6): 289-297.
  • Liu, L., E. Yu, et al. (2003). Security and Privacy Requirements Analysis within a Social Setting. RE'03 - 11th IEEE International Requirements Engineering Conference, Monterey Bay, CA, USA.
  • van Lamsweerde, A. and E. Letier (2000). "Handling Obstacles in Goal-Oriented Requirements Engineering." IEEE Transactions on Software Engineering 26(10): 978-1005.
  • Antón, A. I. and J. B. Earp (2001). Strategies for Developing Policies and Requirements for Secure E-Commerce Systems. Recent Advances in E-Commerce Security and Privacy. A. K. Ghosh, Kluwer Academic Publishers: 29-46.
  • Kotonya, G. and I. Sommerville (1998). Requirements Engineering - Processes and Techniques, John Wiley. ISBN 0 471 97208 8.
  • Rushby, J. (2001). Security Requirements Specifications: How and What? Symposium on Requirements Engineering for Information Security (SREIS), Indianapolis.
  • Anderson, R. (1996). Security in Clinical Information Systems. IEEE Symposium on Security and Privacy, Oakland, CA.
  • Dardenne, A., A. van Lamsweerde, et al. (1993). "Goal-directed Requirements Acquisition." Science of Computer Programming 20: 3-50.
  • Peltier, T. (2001). Information Security Risk Analysis, Auerbach. ISBN 0-8493-0880-1.
  • Nuseibeh, B. A. (2001). "Weaving Together Requirements and Architectures." IEEE Computer 34(3): 115-117.
  • Mitnick, K. (2002). The Art of Deception: Controlling the Human Element of Security, John Wiley & Sons Inc. ISBN 0471237124.
  • Jackson, M. (2000). Problem Frames: Analysing and Structuring Software DevelopmentProblems, Addison Wesley. ISBN 020159627X.
  • Leveson, N. G. (1995). Safeware: System Safety and Computers, Addison Wesley. ISBN 02011 19722.
  • Zwicky, E. D., S. Cooper, et al. (2000). Building Internet Firewalls, O'Reilly UK. ISBN 1565928717.
  • Brewer, D. F. C. and M. J. Nash (1989). The Chinese Wall Security Policy. IEEE Symposium on Security and Privacy, Oakland, CA, IEEE Computer Society Press.
Index Terms
Computer Science
Information Sciences
No index terms available.
Keywords

Security Requirements Problem frames Requirements Engineering Non-functional Requirements

Powered by PhDFocusTM