Ändra sökning
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
A Framework for Security Requirements: Security Requirements Categorization and Misuse Cases
Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation.
Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation.
2011 (Engelska)Självständigt arbete på avancerad nivå (masterexamen)Studentuppsats (Examensarbete)Alternativ titel
En ram för Säkerhetskrav : Säkerhetskrav kategorisering och missbruk ärenden (Svenska)
Abstract [en]

Context: Security Requirements engineering is necessary to achieve secure software systems. Many techniques and approaches have been proposed to elicit security requirements in the initial phases of development. With the growing importance of security and immense increase in security breaches over the past few years, researchers and practitioners have been striving to achieve a mature process of coping with security requirements. Much of the activities in this regard are seen in academia but industry still seems to be lacking in giving the required importance to security requirements engineering. That is why, security requirements engineering is still not always considered as a central part of requirements engineering. This study is targeted to bridge this gap between academia and industry in terms of security requirements engineering and to provide a concrete approach to efficiently elicit and specify security requirements. The Misuse case technique is proposed for this purpose. However it lacks in providing guidelines for enabling scalable use. This limitation has been addressed to achieve a mature process of security requirements elicitation. Objectives: In this study, we propose a framework to elicit security requirements early in the software development using misuse case technique. Objective is to make misuse case technique scalable and applicable to the real-world projects. The proposed framework was presented to two representatives from the Swedish Armed Forces (SWAF). The feedback received from the representatives was utilized to refine, update and finalize the framework. Methods: The study involved a systematic review to gain an insight of the academic perspective in the area of study. Document extraction was adopted to observe the industrial trends in the said subject. These were the software requirements specification documents of the real-world systems. Document extraction was supported with informed brainstorming because the study revolved around misuse case technique and informed brainstorming is considered to be the most suitable technique for this purpose. A workshop was conducted with two representatives of Swedish Armed Forces followed by two subsequent asynchronous communication rounds and a facilitated session to get feedback about the proposed solution. This feedback was utilized to refine, update and finalize the proposed solution. Results: The results of the systematic review were organized in tabular forms for a clear understanding and easy analysis. A security requirements categorization was obtained as a result which was finalized after an initial validation with the help of real-world projects. Furthermore, a framework was proposed utilizing this categorization to address the limitations of misuse case technique. The framework was created and refined through workshop and different communication rounds with representatives of SWAF. Their feedback was used as input to further improve the usefulness and usability aspects of the framework. Conclusions: The significance of security requirements engineering is undisputedly accepted both in academia and industry. However, the area is not a subject of practice in industrial projects. The reasons include lack of mature processes as well as expensive and time consuming solutions. Lack of empirical evidences adds to the problems. The conducted study and proposed process of dealing with this issue is considered as a one step forward towards addressing the challenges.

Abstract [sv]

Säkerhet Kravhantering är nödvändigt för att uppnå säkra programvarusystem. Många tekniker och metoder har föreslagits för att framkalla säkerhetskraven i de inledande faserna i utvecklingen. Med den växande betydelsen av säkerhet och enorma ökning av brott mot säkerheten under de senaste åren har forskare och praktiker strävat efter att uppnå en mogen process för att klara säkerhetskraven. Mycket av verksamheten i detta avseende ses i den akademiska världen, men industrin fortfarande tycks saknas i att ge den nödvändiga betydelse för säkerheten kravhantering. Därför är säkerheten kravhantering fortfarande inte alltid som en central del av kravhantering. Denna studie är inriktad att överbrygga denna klyfta mellan akademi och näringsliv när det gäller säkerhet kravhantering och att ge en konkret strategi för att effektivt få fram och specificera säkerhetskrav. Missbruk fallet tekniken föreslås för detta ändamål. Men det saknar i att ge riktlinjer för att möjliggöra skalbar användning. Denna begränsning har åtgärdats för att uppnå en mogen process av säkerhetskrav elicitation.

Ort, förlag, år, upplaga, sidor
2011. , s. 55
Nyckelord [en]
Misuse Case, Security Requirements, Categorization, Elicitation, Specification
Nationell ämneskategori
Datavetenskap (datalogi) Programvaruteknik
Identifikatorer
URN: urn:nbn:se:bth-5896Lokalt ID: oai:bth.se:arkivexDDB6C40CCD6CBD26C1257962005A1FCCOAI: oai:DiVA.org:bth-5896DiVA, id: diva2:833306
Uppsök
teknik
Handledare
Anmärkning
+46 (0) 735 84 12 97, +46 (0) 760 60 96 55Tillgänglig från: 2015-04-22 Skapad: 2011-12-10 Senast uppdaterad: 2018-01-11Bibliografiskt granskad

Open Access i DiVA

fulltext(3667 kB)307 nedladdningar
Filinformation
Filnamn FULLTEXT01.pdfFilstorlek 3667 kBChecksumma SHA-512
5e6e9b907adfe5d80e1d0c5905fa5a2ecc8bbb9eadaa93d9057e8a5fcf0429873eddd57eeeffb35392ae30227af9247565c7f479a415101aa9574702d2c576ae
Typ fulltextMimetyp application/pdf

Av organisationen
Sektionen för datavetenskap och kommunikation
Datavetenskap (datalogi)Programvaruteknik

Sök vidare utanför DiVA

GoogleGoogle Scholar
Totalt: 307 nedladdningar
Antalet nedladdningar är summan av nedladdningar för alla fulltexter. Det kan inkludera t.ex tidigare versioner som nu inte längre är tillgängliga.

urn-nbn

Altmetricpoäng

urn-nbn
Totalt: 466 träffar
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf