A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities

Cited by: 0
Authors
Golnaz Elahi
Eric Yu
Nicola Zannone
Affiliation
[1] University of Toronto,
Source
Requirements Engineering | 2010 / Vol. 15
Keywords
Security requirements engineering; Risk analysis; Agent-oriented software engineering; Empirical security knowledge;
DOI
Not available
Abstract
Many security breaches occur because of exploitation of vulnerabilities within the system. Vulnerabilities are weaknesses in the requirements, design, and implementation, which attackers exploit to compromise the system. This paper proposes a methodological framework for security requirements elicitation and analysis centered on vulnerabilities. The framework offers modeling and analysis facilities to assist system designers in analyzing vulnerabilities and their effects on the system; identifying potential attackers and analyzing their behavior for compromising the system; and identifying and analyzing the countermeasures to protect the system. The framework proposes a qualitative goal model evaluation analysis for assessing the risks of vulnerabilities exploitation and analyzing the impact of countermeasures on such risks.
Pages: 41-62
Number of pages: 21