Shareeful Islam, H. Mouratidis, Christos Kalloniatis, Aleksandar Hudic, L. Zechner
International journal of secure software engineering, volume 78 1, pages 1-22. Journal Article, published 2012-07-01. DOI: https://doi.org/10.4018/jsse.2012070101. Citation count: 36. Platform: Semanticscholar.
Model Based Process to Support Security and Privacy Requirements Engineering
Software systems are becoming more complex, interconnected and liable to adopt continuous change and evolution. It's necessary to develop appropriate methods and techniques to ensure security and privacy of such systems. Research efforts that aim to ensure security and privacy of software systems fall into two main categories: (1) the development of requirements engineering methods, and (2) implementation techniques. Approaches that fall in the first category usually aim to address either security or privacy in an implicit way, with emphasis on the security aspects by developing methods to elicit and analyse security and privacy requirements. Works that fall in the latter category focus specifically on the later stages of the development process irrespective of the organisational context in which the system will be incorporated. This work introduces a model-based process for security and privacy requirements engineering. In particular, the authors' work includes activities that support identifying and analysing security and privacy requirements for the software system. Their proposed process combines concepts from two well-known requirements engineering methods, Secure Tropos and PriS. A real case study from the EU project E-vote, i.e., an Internet-based voting system, is employed to demonstrate the applicability of the approach.