{"title":"面向需求和建模驱动的安全评估","authors":"R. Savola","doi":"10.1109/ICSNC.2006.72","DOIUrl":null,"url":null,"abstract":"Development of the information security requirements of practical telecommunications and software-intensive systems is typically at an inadequate level and relies heavily on the experience of the security professionals. Security requirements are in the focus in all phases of security engineering. Obviously, automated approaches are needed in this field. We here introduce a framework for security evaluation based on security requirement definition, behavior modeling and evidence collection.","PeriodicalId":217322,"journal":{"name":"2006 International Conference on Systems and Networks Communications (ICSNC'06)","volume":"289 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Towards Requirement and Modeling Driven Security Evaluation\",\"authors\":\"R. Savola\",\"doi\":\"10.1109/ICSNC.2006.72\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Development of the information security requirements of practical telecommunications and software-intensive systems is typically at an inadequate level and relies heavily on the experience of the security professionals. Security requirements are in the focus in all phases of security engineering. Obviously, automated approaches are needed in this field. We here introduce a framework for security evaluation based on security requirement definition, behavior modeling and evidence collection.\",\"PeriodicalId\":217322,\"journal\":{\"name\":\"2006 International Conference on Systems and Networks Communications (ICSNC'06)\",\"volume\":\"289 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2006-10-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2006 International Conference on Systems and Networks Communications (ICSNC'06)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICSNC.2006.72\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2006 International Conference on Systems and Networks Communications (ICSNC'06)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSNC.2006.72","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Towards Requirement and Modeling Driven Security Evaluation
Development of the information security requirements of practical telecommunications and software-intensive systems is typically at an inadequate level and relies heavily on the experience of the security professionals. Security requirements are in the focus in all phases of security engineering. Obviously, automated approaches are needed in this field. We here introduce a framework for security evaluation based on security requirement definition, behavior modeling and evidence collection.