A Review of Security Requirements Engineering Methods with Respect to Risk Analysis and Model-Driven Engineering

Abstract : One of the most important aspects that help improve the quality and cost of secure information systems in their early stages of the development lifecycle is Security Requirements Engineering (SRE). However, obtaining such requirements is non-trivial. One domain dealing also with eliciting security requirements is Risk Analysis (RA). Therefore, we perform a review of SRE methods in order to analyse which ones are compatible with RA processes. Moreover, the transition from these early security requirements to security policies at later stages in the lifecycle is generally non-automatic, informal and incomplete. To deal with such issues, model-driven engineering (MDE) uses formal models and automatic model transformations. Therefore, we also review which SRE methods are compatible with MDE approaches. Consequently, our review is based on criteria derived partially from existing survey works, further enriched and specialized in order to evaluate the compatibility of SRE methods with the disciplines of RA and MDE. It summarizes the evidence regarding this issue so as to improve understanding and facilitate evaluating and selecting SRE methods.
Type de document :
Communication dans un congrès
Stephanie Teufel; Tjoa A Min; Ilsun You; Edgar Weippl. International Cross-Domain Conference and Workshop on Availability, Reliability, and Security (CD-ARES), Sep 2014, Fribourg, Switzerland. Springer, Lecture Notes in Computer Science, LNCS-8708, pp.79-93, 2014, Availability, Reliability, and Security in Information Systems. 〈10.1007/978-3-319-10975-6_6〉
Liste complète des métadonnées

Littérature citée [32 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01403987
Contributeur : Hal Ifip <>
Soumis le : lundi 28 novembre 2016 - 11:23:08
Dernière modification le : jeudi 15 février 2018 - 22:00:50
Document(s) archivé(s) le : mardi 21 mars 2017 - 14:38:03

Fichier

978-3-319-10975-6_6_Chapter.pd...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Denisse Muñante, Vanea Chiprianov, Laurent Gallon, Philippe Aniorté. A Review of Security Requirements Engineering Methods with Respect to Risk Analysis and Model-Driven Engineering. Stephanie Teufel; Tjoa A Min; Ilsun You; Edgar Weippl. International Cross-Domain Conference and Workshop on Availability, Reliability, and Security (CD-ARES), Sep 2014, Fribourg, Switzerland. Springer, Lecture Notes in Computer Science, LNCS-8708, pp.79-93, 2014, Availability, Reliability, and Security in Information Systems. 〈10.1007/978-3-319-10975-6_6〉. 〈hal-01403987〉

Partager

Métriques

Consultations de la notice

55

Téléchargements de fichiers

166