Endre søk
RefereraExporteraLink to record
Permanent link

Direct link
Referera
Referensformat
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annet format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Reviewing and Evaluating Techniques for Modeling and Analyzing Security Requirements
Blekinge Tekniska Högskola, Sektionen för teknik, Avdelningen för programvarusystem.
2007 (engelsk)Independent thesis Advanced level (degree of Master (One Year))Oppgave
Abstract [en]

The software engineering community recognized the importance of addressing security requirements with other functional requirements from the beginning of the software development life cycle. Therefore, there are some techniques that have been developed to achieve this goal. Thus, we conducted a theoretical study that focuses on reviewing and evaluating some of the techniques that are used to model and analyze security requirements. Thus, the Abuse Cases, Misuse Cases, Data Sensitivity and Threat Analyses, Strategic Modeling, and Attack Trees techniques are investigated in detail to understand and highlight the similarities and differences between them. We found that using these techniques, in general, help requirements engineer to specify more detailed security requirements. Also, all of these techniques cover the concepts of security but in different levels. In addition, the existence of different techniques provides a variety of levels for modeling and analyzing security requirements. This helps requirements engineer to decide which technique to use in order to address security issues for the system under investigation. Finally, we found that using only one of these techniques will not be suitable enough to satisfy the security requirements of the system under investigation. Consequently, we consider that it would be beneficial to combine the Abuse Cases or Misuse Cases techniques with the Attack Trees technique or to combine the Strategic Modeling and Attack Trees techniques together in order to model and analyze security requirements of the system under investigation. The concentration on using the Attack Trees technique is due to the reusability of the produced attack trees, also this technique helps in covering a wide range of attacks, thus covering security concepts as well as security requirements in a proper way.

sted, utgiver, år, opplag, sider
2007. , s. 68
Emneord [en]
Security Requirements, Abuse Cases, Misuse Cases, Data Sensitivity and Threat Analyses, Strategic Modeling, Attack Trees.
HSV kategori
Identifikatorer
URN: urn:nbn:se:bth-6203Lokal ID: oai:bth.se:arkivex1ADA812545312F64C1257272004350F5OAI: oai:DiVA.org:bth-6203DiVA, id: diva2:833633
Uppsök
Technology
Veileder
Tilgjengelig fra: 2015-04-22 Laget: 2007-01-29 Sist oppdatert: 2018-01-11bibliografisk kontrollert

Open Access i DiVA

fulltekst(1017 kB)865 nedlastinger
Filinformasjon
Fil FULLTEXT01.pdfFilstørrelse 1017 kBChecksum SHA-512
1c662cc8d8b67031363ad45aedc141a2b4a964599b70a4ec2df9c6ef10ee4d0113bb96c71a550a45e8edfc22e9abe8ac881b56ca644f42f6d3ab599ad19c621e
Type fulltextMimetype application/pdf

Av organisasjonen

Søk utenfor DiVA

GoogleGoogle Scholar
Totalt: 865 nedlastinger
Antall nedlastinger er summen av alle nedlastinger av alle fulltekster. Det kan for eksempel være tidligere versjoner som er ikke lenger tilgjengelige

urn-nbn

Altmetric

urn-nbn
Totalt: 1154 treff
RefereraExporteraLink to record
Permanent link

Direct link
Referera
Referensformat
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annet format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf