2009
DOI: 10.1007/s00766-009-0093-9
|View full text |Cite
|
Sign up to set email alerts
|

Eliciting security requirements and tracing them to design: an integration of Common Criteria, heuristics, and UMLsec

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
60
0
1

Year Published

2014
2014
2024
2024

Publication Types

Select...
4
4
1

Relationship

1
8

Authors

Journals

citations
Cited by 106 publications
(61 citation statements)
references
References 48 publications
0
60
0
1
Order By: Relevance
“…Also, an additional specific cryptography-related information are extracted from different types of diagrams. The Dolev-Yao model of an attacker is included with UMLsec to model the interaction with the outside environment [43]. In [44], Jürjens verifies UMLsec models for security requirements: authentication, confidentiality, integrity, availability, and secrecy.…”
Section: Specification Of Security Requirementsmentioning
confidence: 99%
“…Also, an additional specific cryptography-related information are extracted from different types of diagrams. The Dolev-Yao model of an attacker is included with UMLsec to model the interaction with the outside environment [43]. In [44], Jürjens verifies UMLsec models for security requirements: authentication, confidentiality, integrity, availability, and secrecy.…”
Section: Specification Of Security Requirementsmentioning
confidence: 99%
“…Moreover, we have used our previous work in that area [5,11,[34][35][36][37][38][39] and we have also identified new concepts based on our analysis of the critical areas presented in the previous section. Finally we link these properties with the threats and issues relating to critical areas in cloud.…”
Section: Security and Privacy Properties And Threatsmentioning
confidence: 99%
“…The approach supports the analysis of security from the Requirements Engineering phase. Houmb et al introduced the SecReq approach to elicit, analyse and trace security requirements, starting from the requirements engineering phase to design [39]. A misuse case driven approach is used to establish visual links between use cases and misuse cases for eliciting security requirements at an early stage of the development [10].…”
Section: Related Workmentioning
confidence: 99%
“…For example, Secure Tropos an extension of Tropos methodology proposed in [3] employs the concepts of security constraint, and secure dependency in order to model and analyze security issues during the requirements engineering phase. Similarly, the SecReq approach introduced in [4] describes a systematic approach to derive security requirements from system security objectives. In [5] misuse cases are used in order to represent security threats and to identify ''security use cases'', i.e., countermeasures that mitigate the threats.…”
Section: Related Workmentioning
confidence: 99%