1.
2.
Halima Ibrahim Kure, Shareeful Islam, Haralambos Mouratidis. Neural Computing & Applications, 2022, 34(18): 15241-15271
Neural Computing and Applications - Cyber security risk management plays an important role for today's businesses due to the rapidly changing threat landscape and the existence of evolving...
3.
Eliciting security requirements and tracing them to design: an integration of Common Criteria, heuristics, and UMLsec (total citations: 1, self-citations: 1, citations by others: 0)
Siv Hilde Houmb, Shareeful Islam, Eric Knauss, Jan Jürjens, Kurt Schneider. Requirements Engineering, 2010, 15(1): 63-93
Building secure systems is difficult for many reasons. This paper deals with two of the main challenges: (i) the lack of security expertise in development teams and (ii) the inadequacy of existing methodologies to support developers who are not security experts. The security standard ISO 14508 Common Criteria (CC) together with secure design techniques such as UMLsec can provide the security expertise, knowledge, and guidelines that are needed. However, security expertise and guidelines are not stated explicitly in the CC. They are rather phrased in security domain terminology and are difficult to understand for developers. This means that some general security and secure design expertise is required to fully take advantage of the CC and UMLsec. In addition, there is the problem of tracing security requirements and objectives into solution design, which is needed for proof of requirements fulfilment. This paper describes a security requirements engineering methodology called SecReq. SecReq combines three techniques: the CC, the heuristic requirements editor HeRA, and UMLsec. SecReq makes systematic use of the security engineering knowledge contained in the CC and UMLsec, as well as security-related heuristics in the HeRA tool. The integrated SecReq method supports early detection of security-related issues (HeRA), their systematic refinement guided by the CC, and the ability to trace security requirements into UML design models. A feedback loop helps reuse experience within SecReq and turns the approach into an iterative process for the secure system life-cycle, also in the presence of system evolution.
4.
Kurt Schneider, Eric Knauss, Siv Houmb, Shareeful Islam, Jan Jürjens. Requirements Engineering, 2012, 17(1): 35-56
More and more software projects today are security-related in one way or the other. Requirements engineers without expertise in security are at risk of overlooking security requirements, which often leads to security vulnerabilities that can later be exploited in practice. Identifying security-relevant requirements is labor-intensive and error-prone. In order to facilitate the security requirements elicitation process, we present an approach supporting organizational learning on security requirements by establishing company-wide experience resources and a socio-technical network to benefit from them. The approach is based on modeling the flow of requirements and related experiences. Based on those models, we enable people to exchange experiences about security-relevant requirements while they write and discuss project requirements. At the same time, the approach enables participating stakeholders to learn while they write requirements. This can increase security awareness and facilitate learning on both individual and organizational levels. As a basis for our approach, we introduce heuristic assistant tools. They support reuse of existing experiences that are relevant for security. In particular, they include Bayesian classifiers that issue a warning automatically when new requirements seem to be security-relevant. Our results indicate that this is feasible, in particular if the classifier is trained with domain-specific data and documents from previous projects. We show how the ability to identify security-relevant requirements can be improved using this approach. We illustrate our approach by providing a step-by-step example of how we improved the security requirements engineering process at the European Telecommunications Standards Institute (ETSI) and report on experiences made in this application.
5.
Christos Kalloniatis, Haralambos Mouratidis, Shareeful Islam. Requirements Engineering, 2013, 18(4): 299-319
Migrating organisational services, data and applications to the Cloud is an important strategic decision for organisations due to the large number of benefits introduced by the usage of cloud computing, such as cost reduction and on-demand resources. Despite these many benefits, however, there are challenges and risks for cloud adoption related to (amongst others) data leakage, insecure APIs and shared technology vulnerabilities. These challenges need to be understood and analysed in the context of an organisation's security and privacy goals and relevant cloud computing deployment models. Although the literature provides a large number of references to works that consider cloud computing security issues, no work has been provided, to our knowledge, which supports the elicitation of security and privacy requirements and the selection of an appropriate cloud deployment model based on such requirements. This work contributes towards this gap. In particular, we propose a requirements engineering framework to support the elicitation of security and privacy requirements and the selection of an appropriate deployment model based on the elicited requirements. Our framework provides a modelling language that builds on concepts from requirements, security, privacy and cloud engineering, and a systematic process. We use a real case study, based on the Greek National Gazette, to demonstrate the applicability of our work.