支持不断发展的安全模型，以实现敏捷的安全评估

2014 IEEE 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE) Pub Date : 2014-09-08 DOI:10.1109/ESPRE.2014.6890525

Wolfgang Raschke, Massimiliano Zilli, Philip Baumgartner, Johannes Loinig, C. Steger, Christian Kreiner

{"title":"支持不断发展的安全模型，以实现敏捷的安全评估","authors":"Wolfgang Raschke, Massimiliano Zilli, Philip Baumgartner, Johannes Loinig, C. Steger, Christian Kreiner","doi":"10.1109/ESPRE.2014.6890525","DOIUrl":null,"url":null,"abstract":"At present, security-related engineering usually requires a big up-front design (BUFD) regarding security requirements and security design. In addition to the BUFD, at the end of the development, a security evaluation process can take up to several months. In today's volatile markets customers want to influence the software design during the development process. Agile processes have proven to support these demands. Nevertheless, there is a clash with traditional security design and evaluation processes. In this paper, we propose an agile security evaluation method for the Common Criteria standard. This method is complemented by an implementation of a change detection analysis for model-based security requirements. This system facilitates the agile security evaluation process to a high degree.","PeriodicalId":274809,"journal":{"name":"2014 IEEE 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE)","volume":"103 24","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":"{\"title\":\"Supporting evolving security models for an agile security evaluation\",\"authors\":\"Wolfgang Raschke, Massimiliano Zilli, Philip Baumgartner, Johannes Loinig, C. Steger, Christian Kreiner\",\"doi\":\"10.1109/ESPRE.2014.6890525\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"At present, security-related engineering usually requires a big up-front design (BUFD) regarding security requirements and security design. In addition to the BUFD, at the end of the development, a security evaluation process can take up to several months. In today's volatile markets customers want to influence the software design during the development process. Agile processes have proven to support these demands. Nevertheless, there is a clash with traditional security design and evaluation processes. In this paper, we propose an agile security evaluation method for the Common Criteria standard. This method is complemented by an implementation of a change detection analysis for model-based security requirements. This system facilitates the agile security evaluation process to a high degree.\",\"PeriodicalId\":274809,\"journal\":{\"name\":\"2014 IEEE 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE)\",\"volume\":\"103 24\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-09-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"11\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 IEEE 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ESPRE.2014.6890525\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ESPRE.2014.6890525","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 11

摘要

目前，与安全相关的工程通常需要对安全需求和安全设计进行大的预先设计(BUFD)。除了BUFD之外，在开发结束时，安全评估过程可能需要长达几个月的时间。在当今多变的市场中，客户希望在开发过程中影响软件设计。敏捷过程已经被证明能够支持这些需求。然而，这与传统的安全设计和评估过程存在冲突。本文针对通用准则标准提出了一种敏捷的安全评估方法。此方法由基于模型的安全需求的变更检测分析的实现来补充。该系统在很大程度上促进了敏捷安全评估过程。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Supporting evolving security models for an agile security evaluation

At present, security-related engineering usually requires a big up-front design (BUFD) regarding security requirements and security design. In addition to the BUFD, at the end of the development, a security evaluation process can take up to several months. In today's volatile markets customers want to influence the software design during the development process. Agile processes have proven to support these demands. Nevertheless, there is a clash with traditional security design and evaluation processes. In this paper, we propose an agile security evaluation method for the Common Criteria standard. This method is complemented by an implementation of a change detection analysis for model-based security requirements. This system facilitates the agile security evaluation process to a high degree.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2014 IEEE 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE)

自引率

0.00%

发文量