Security Requirements Engineering for Evolving Software Systems

Nhlabatsi, Armstrong; Nuseibeh, Bashar; Yu, Yijun

doi:10.4018/jsse.2010102004

Cited by 16 publications

(5 citation statements)

References 132 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several requirements engineering approaches have been proposed and they have been surveyed in (Nhlabatsi, Nuseibeh, & Yu, 2009). We categorize them in goal-oriented, problem-based and risk-based security requirements methods.…”

Section: Security Requirementsmentioning

confidence: 99%

Evolution of Security Engineering Artifacts

Felderer

Katt

Kalb

et al. 2014

International Journal of Secure Software Engineering

View full text Add to dashboard Cite

Security is an important quality aspect of modern open software systems. However, it is challenging to keep such systems secure because of evolution. Security evolution can only be managed adequately if it is considered for all artifacts throughout the software development lifecycle. This article provides state of the art on the evolution of security engineering artifacts. The article covers the state of the art on evolution of security requirements, security architectures, secure code, security tests, security models, and security risks as well as security monitoring. For each of these artifacts the authors give an overview of evolution and security aspects and discuss the state of the art on its security evolution in detail. Based on this comprehensive survey, they summarize key issues and discuss directions of future research.

show abstract

Section: Security Requirementsmentioning

confidence: 99%

Evolution of Security Engineering Artifacts

Felderer

Katt

Kalb

et al. 2014

International Journal of Secure Software Engineering

View full text Add to dashboard Cite

show abstract

“…Unlike the runtime-monitoring framework proposed by Salifu et al [10], in this work we concentrate on the analysis at the development time. Nhlabatsi et al [11] survey the literature on security requirements and software evolution, where the management of evolving security requirements is identified as an outstanding research issue.…”

Section: Aspect-oriented and Evolving Security Requirementsmentioning

confidence: 99%

Maintaining Security Requirements of Software Systems Using Evolving Crosscutting Dependencies

Saleem

Montrieux

et al. 2013

Aspect-Oriented Requirements Engineering

Self Cite

View full text Add to dashboard Cite

Security requirements are concerned with protecting assets of a system from harm. Implemented as code aspects to weave protection mechanisms into the system, security requirements need to be validated when changes are made to the programs during system evolution. However, it was not clear for developers whether existing validation procedures such as test cases are sufficient for security and when the implemented aspects need to adapt. In this chapter, we propose an approach for detecting any change to the satisfaction of security requirements in three steps: (1) identify the asset variables in the systems that are only accessed by a join-point method; (2) trace these asset variables to identify both control and data dependencies between the non-aspect and aspect functions; and (3) update the test cases according to implementation of these dependencies to strengthen the protection when a change happens. These steps are illustrated by a case study of a meeting scheduling system where security is a critical concern.

show abstract

“…Security requirements engineering: Several requirements engineering approaches for security engineering have been proposed [12], [13], and many of the approaches have been surveyed in [14], and here we briefly recall some of them to put this work into context.…”

Section: Related Workmentioning

confidence: 99%

“…ATMSystem M: " A i r T r a f f i c Management System " 9 10 O p e r a t o r B : "ATC O p e r a t o r " 11 12 O p e r a t o r − > ATMSystem : " a " 13 14 ATMSystem − > A i r c r a f t : " b " 15 16 HasWData˜> A i r c r a f t : " r " …”

Section: A Concrete Syntaxmentioning

confidence: 99%

Model-Based Argument Analysis for Evolving Security Requirements

Tun

Haley

et al. 2010

2010 Fourth International Conference on Secure Software Integration and Reliability Improvement

Self Cite

View full text Add to dashboard Cite

Software systems are made to evolve in response to changes in their contexts and requirements. As the systems evolve, security concerns need to be analysed in order to evaluate the impact of changes on the systems. We propose to investigate such changes by applying a meta-model of evolving security requirements, which draws on requirements engineering approaches, security analysis, argumentation and software evolution. In this paper, we show how the meta-model can be instantiated using a formalism of temporal logic, called the Event Calculus. The main contribution is a model based approach to argument analysis, supported by a tool which generates templates for formal descriptions of the evolving system. We apply our approach to several examples from an Air Traffic Management case study.

show abstract

Security Requirements Engineering for Evolving Software Systems

Cited by 16 publications

References 132 publications

Evolution of Security Engineering Artifacts

Evolution of Security Engineering Artifacts

Maintaining Security Requirements of Software Systems Using Evolving Crosscutting Dependencies

Model-Based Argument Analysis for Evolving Security Requirements

Contact Info

Product

Resources

About