Analyzing and Enforcing Security Mechanisms on Requirements Specifications

Cited by: 2
Authors
Li, Tong [1]
Horkoff, Jennifer [1]
Mylopoulos, John [1]
Affiliations
[1] Univ Trento, Trento, Italy
DOI
10.1007/978-3-319-16101-3_8
Chinese Library Classification number
TP31 [Computer Software]
Discipline classification code
081202; 0835
Abstract
[Context and motivation] Security mechanisms, such as firewalls and encryption, operationalize security requirements, such as confidentiality and integrity. [Question/problem] Although previous work has pointed out that the application of a security mechanism affects system specifications, there is no systematic approach to describe and analyze this impact. [Principal ideas/results] In this paper, we investigate more than 40 security mechanisms that are well documented in security pattern repositories in order to better understand what they are and how they function. [Contribution] Based on this study, we propose a conceptual model for security mechanisms, and evaluate this model against 20 security mechanisms. Using the conceptual model, we provide a systematic process for analyzing and enforcing security mechanisms on system requirements. We also develop a prototype tool to facilitate the application and evaluation of our approach.
Pages: 115 - 131
Number of pages: 17