Towards a comprehensive framework for secure systems development

Part of book or chapter of book English OPEN
Mouratidis, Haralambos ; Jurjens, Jan ; Fox, Jorge (2006)
  • Publisher: LNCS 4001 pp

Security involves technical as well as social challenges. In the development of security-critical applications, system developers must consider both the technical and the social parts. To achieve this, security issues must be considered during the whole development life-cycle of an information system. This paper presents an approach that allows developers to consider both the social and the technical dimensions of security through a structured and well defined process. In particular, the proposed approach takes the high-level concepts and modelling activities of the secure Tropos methodology and enriches them with a low level security-engineering ontology and models derived from the UMLsec approach. A real case study from the e-commerce sector is employed to demonstrate the applicability of the approach.
  • References (24)
    24 references, page 1 of 3

    John Wiley & Sons, New York, 2001.

    In Proceedings of the 8th ACM symposium on Access Control Models and Technologies, Como, Italy, 2003

    Bresciani, P. Giorgini, P., Giunchiglia, F., Mylopoulos, J., Perini, A., TROPOS: An Agent Oriented Software Development Methodology. In Journal of Autonomous Agents and Multi-Agent Systems, Kluwer Academic Publishers Volume 8, Issue 3, Pages 203-236, 2004

    CEPSCO, Common Electronic Purse Specifications, Business Requirements ver. 7, Functional Requirements ver. 6.3, Technical Specification ver. 2.2. Available from http://www.cepsco.com [2000].

    5. Crook, R., Ince, D., Lin, L., Nuseibeh, B., Security Requirements Engineering: When Antirequirements Hit the Fan, In Proceedings of the 10th International Requirements Engineering Conference, pp. 203-205, IEEE Press, 2002

    6. Cysneiros, L.M. Sampaio do Prado Leite, J.P., Nonfunctional Requirements: From Elicitation to Conceptual Models. IEEE Trans. Software Eng. 30(5): 328-350 (2004)

    7. Devanbu, P., Stubblebine, S., Software Engineering for Security: a Roadmap. In Proceedings of ICSE 2000 (“the conference of the future of Software engineering”), 2000.

    8. Giorgini, P., Massacci, F., Mylopoulos, J., Requirements Engineering meets Security: A Case Study on Modelling Secure Electronic Transactions by VISA and Mastercard, in Proceedings of the International Conference on Conceptual Modelling (ER), LNCS 2813, pp. 263-276, Springer-Verlag, 2003.

    9. Hermann, G. Pernul, G., Viewing business-process security from different perspectives. International Journal of electronic Commence 3:89-103, 1999

    10. Jürjens, J., Shabalin, P., Tools for Critical Systems Development with UML (Tool Demo), UML 2004 Satellite Events, Nuno Jardim Nunes, Bran Selic, Alberto Silva, Ambrosio Toval (eds.), LNCS, Springer-Verlag 2004E. [Accessible at http://www.UMLsec.org. Protected content can be accessed as user: Reader, with password: Ihavethebook]. Available as open-source.

  • Metrics
    0
    views in OpenAIRE
    0
    views in local repository
    60
    downloads in local repository

    The information is available from the following content providers:

    From Number Of Views Number Of Downloads
    ROAR at University of East London - IRUS-UK 0 60
Share - Bookmark