z-logo
Premium
From goal‐driven security requirements engineering to secure design
Author(s) -
Mouratidis Haralambos,
Jurjens Jan
Publication year - 2010
Publication title -
international journal of intelligent systems
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 1.291
H-Index - 87
eISSN - 1098-111X
pISSN - 0884-8173
DOI - 10.1002/int.20432
Subject(s) - security engineering , computer science , requirements engineering , requirements elicitation , requirements analysis , computer security model , security testing , software security assurance , requirement , process (computing) , non functional requirement , systems engineering , computer security , software engineering , risk analysis (engineering) , security information and event management , security service , software , cloud computing security , information security , software system , engineering , software construction , cloud computing , medicine , programming language , operating system
Security of intelligent software systems is an important area of research. Although security is traditionally considered a technical issue; security is, in fact, a two‐dimensional problem, which involves technical as well as social challenges. Goal‐driven requirements engineering (GDRE) has been proposed in the literature as a suitable paradigm for the analysis of security issues and elicitation of security requirements at both the social and technical level. Nevertheless, there is lack of approaches, which would support the successful transformation of the elicited, using GDRE approaches, security requirements to design. This paper presents work that fills this gap. The presented approach, which is based on the integration of a goal‐driven security requirements engineering (GDSRE) methodology and a model‐based security engineering (MBSE) method, has some important features: (1) It provides a structured process to translate the results of the GDSRE method to a design, which satisfies these requirements; (2) it allows the simultaneous elicitation and analysis of the security requirements and the functional requirements of the system; (3) it allows consideration of both the social and the technical dimensions of the system's security; (4) it guides software engineers toward a design that is amenable to formal verification with the aid of automated tools. We demonstrate the applicability of the proposed approach at the hand of an application to the electronic purse standard common electronic purse specifications (released by Visa International and others). © 2010 Wiley Periodicals, Inc.

This content is not available in your region!

Continue researching here.

Having issues? You can contact us here