, Security Engineering: a Guide to Building Dependable Distributed Systems, 2001.
, Characterising and Analysing Security Requirements Modelling Initiatives, 2011 Sixth International Conference on Availability, Reliability and Security, pp.710-715, 2011.
DOI : 10.1109/ARES.2011.113
, A comparison of security requirements engineering methods, Requirements Engineering, vol.4, issue.2, pp.7-40, 2010.
DOI : 10.1007/s00766-009-0092-x
, A systematic review of security requirements engineering, Computer Standards & Interfaces, vol.32, issue.4, pp.153-165, 2010.
DOI : 10.1016/j.csi.2010.01.006
, Survey and analysis on Security Requirements Engineering, Computers & Electrical Engineering, vol.38, issue.6, pp.1785-1797, 2012.
DOI : 10.1016/j.compeleceng.2012.08.008
, Towards a Measurement Framework for Security Risk Management, Modeling Security Workshop (MOD- SEC'08), in conjunction with the 11th International Conference on Model Driven Engineering Languages and Systems (MODELS'08), 2008.
, UMLsec: extending UML for secure systems development. The Unified Modeling Language, Model Engineering, Languages Concepts and Tools, Fifth International Conference, 2002.
, SecureUML: A UML-Based Modeling Language for Model-Driven Security. The Unified Modeling Language, Model Engineering , Languages Concepts and Tools, Fifth International Conference, 2002.
, Stehney: Security quality requirements engineering (SQUARE) Methodology, Software Eng. Inst, 2005.
DOI : 10.1145/1083200.1083214
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.110.8758
, Opdahl: Capturing security requirements by misuse cases, Presented at 14th Norwegian Informatics Conference (NIK'2001), 2001.
DOI : 10.1109/tools.2000.891363
, Elaborating security requirements by construction of intentional anti-models, Proceedings. 26th International Conference on Software Engineering, pp.148-157, 2004.
DOI : 10.1109/ICSE.2004.1317437
, SECURE TROPOS: A SECURITY-ORIENTED EXTENSION OF THE TROPOS METHODOLOGY, International Journal of Software Engineering and Knowledge Engineering, vol.17, issue.02, pp.285-309, 2007.
DOI : 10.1142/S0218194007003240
, A Goal Oriented Approach for Modeling and Analyzing Security Trade-Offs, 2007.
DOI : 10.1007/978-3-540-75563-0_26
, Strategies for developing policies and requirements for secure electronic commerce systems, 2000.
, Model-based security analysis in seven steps ??? a guided tour to the CORAS method, BT Technology Journal, vol.24, issue.12, pp.101-117, 2007.
DOI : 10.1007/s10550-007-0013-9
, Zannone: From trust to dependability through risk analysis, Proceedings of the international conference on availability, reliability and security (AReS, pp.19-26, 2007.
DOI : 10.1109/ares.2007.93
, Towards a risk-based security requirements engineering framework, Proceedings of the 11th international workshop on requirements engineering: foundation for software quality (REFSQ05), in conjunction with the 17th conference on advanced information systems engineering (CAiSE05), 2005.
, Applying a Security Requirements Engineering Process, Proceedings of the 11th European conference on Research in Computer Security, pp.192-206, 2006.
DOI : 10.1007/11863908_13
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.1028.592
, ISO/IEC 27005:2011 Information technology ? Security techniques ? Information security risk management, 2010.
, Bast: MDA explainedthe model driven architecture: practice and promise, 2003.
, A systematic review of transformation approaches between user requirements and analysis models. Requirements Engineering, v.16 n.2, pp.75-99, 2011.
, An approach based on Model-driven Engineering to define Security Policies using the access control model OrBAC.The Eight International Workshop on Frontiers in Availability, Reliability and Security (FARES 2013), conjonction with the 8th ARES Conference, pp.2-6, 2013.
, From KAOS to RBAC: A Case Study in Designing Access Control Rules from a Requirements Analysis, 2011 Conference on Network and Information Systems Security, 2011.
DOI : 10.1109/SAR-SSI.2011.5931378
URL : https://hal.archives-ouvertes.fr/hal-00860807
, Towards a Comprehensive Framework for Secure Systems Development, 18th International Conference on Advanced Information Systems Engineering, 2006.
DOI : 10.1007/11767138_5
, Using Requirements Engineering in an Automatic Security Policy Derivation Process, 2011.
DOI : 10.1007/978-3-642-28879-1_11
URL : https://hal.archives-ouvertes.fr/hal-00738844
, Software Security Engineering: A Guide for Project Managers, 2004.
, Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development, Proceedings of the 20th International Conference on Advanced Information Systems Engineering, pp.541-555, 2008.
DOI : 10.1007/978-3-540-69534-9_40
, Aagedal: The CORAS methodology: model-based risk assessment using UML and UP, UML and the Unified Process, pp.332-357, 2003.
, Using Abuse Frames to Bound the Scope of Security Problems, Proceedings of the 12th IEEE international Conference on Requirements Engineering, pp.354-355, 2004.
, A Security Engineering Process based on Patterns, 18th International Conference on Database and Expert Systems Applications (DEXA 2007), pp.734-738, 2007.
DOI : 10.1109/DEXA.2007.36
, A Problem-Based Threat Analysis in Compliance with Common Criteria, 2013 International Conference on Availability, Reliability and Security, pp.111-120, 2013.
DOI : 10.1109/ARES.2013.21
, Security Requirements Engineering: A Framework for Representation and Analysis, IEEE Transactions on Software Engineering, vol.34, issue.1, p.133, 2008.
DOI : 10.1109/TSE.2007.70754
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.210.512