Inger Anne Tøndel, Martin Gilje Jaatun, Per Håkon Meland, "Security Requirements for the Rest of Us: A Survey," IEEE Software, vol. 25, no. 1, pp. 20-27, January/February, 2008.
BibTeX:
@article{ 10.1109/MS.2008.19,
  author = {Inger Anne Tøndel and Martin Gilje Jaatun and Per Håkon Meland},
  title = {Security Requirements for the Rest of Us: A Survey},
  journal = {IEEE Software},
  volume = {25},
  number = {1},
  issn = {0740-7459},
  year = {2008},
  pages = {20-27},
  doi = {http://doi.ieeecomputersociety.org/10.1109/MS.2008.19},
  publisher = {IEEE Computer Society},
  address = {Los Alamitos, CA, USA},
}
RefWorks Procite/RefMan/Endnote:
TY - MGZN
JO - IEEE Software
TI - Security Requirements for the Rest of Us: A Survey
IS - 1
SN - 0740-7459
SP - 20
EP - 27
EPD - 20-27
A1 - Inger Anne Tøndel,
A1 - Martin Gilje Jaatun,
A1 - Per Håkon Meland,
PY - 2008
KW - Software engineering
KW - requirements elicitation
KW - security requirements
VL - 25
JA - IEEE Software
ER -
1. P. Coffee, "Security Onus Is on Developers," eWeek, 6 June 2006, www.eweek.com/article20,1895,1972593,00.asp.
2. H. Mouratidis, P. Giorgini, and G. Manson, "When Security Meets Software Engineering: A Case of Modeling Secure Information Systems," Information Systems, vol. 30, no. 8, 2005, pp. 609–629.
3. J.D. Meier, "Web Application Security Engineering," IEEE Security & Privacy, vol. 4, no. 4, 2006, pp. 16–24.
4. S. Furnell, "Why Users Cannot Use Security," Computers & Security, vol. 24, no. 4, 2005, pp. 274–279.
5. L.A. Gordon et al., "CSI/FBI Computer Crime and Security Survey," Computer Security Inst., 2006; www.gocsi.com/forms/fbicsi_fbi_survey.jhtml.
6. J.F. Davis, "The Affordable Application of Formal Methods to Software Engineering," ACM SIGAda Ada Letters, ACM Press, 2005, pp. 57–62.
7. D.G. Firesmith, "Engineering Security Requirements," J. Object Technology, vol. 2, no. 1, 2003, pp. 53–68.
8. C.B. Haley et al., "Security Requirements Engineering: A Framework for Representation and Analysis," to be published in IEEE Trans. Software Eng.; http://doi.ieeecomputersociety.org/10.1109/TSE.2007.70754.
9. G. Peterson, "Collaboration in a Secure Development Process Part 1," Information Security Bull., June 2004, pp. 165–172.
10. N.R. Mead, E.D. Houg, and T.R. Stehney, Security Quality Requirements Engineering (SQUARE) Methodology, tech. report CMU/SEI-2005-TR-009, Software Eng. Inst., Carnegie Mellon Univ., 2005.
11. G. Boström et al., "Extending XP Practices to Support Security Requirements Engineering," Proc. 2006 Int'l Workshop Software Eng. for Secure Systems (SESS), ACM Press, 2006, pp. 11–18.
12. P. Torr, "Demystifying the Threat Modeling Process," IEEE Security & Privacy, vol. 3, no. 5, 2005, pp. 66–70.
13. S. Lipner and M. Howard, "The Trustworthy Computing Security Development Lifecycle," Microsoft Corp., 2005; http://msdn2.microsoft.com/en-us/library/ms995349.aspx.
14. A. Apvrille and M. Pourzandi, "Secure Software Development by Example," IEEE Security & Privacy, vol. 3, no. 4, 2005, pp. 10–17.
15. E.B. Fernandez, "A Methodology for Secure Software Design," paper presented at the Int'l Symp. Web Services and Applications (ISWS), 2004; www.cse.fau.edu/~edEFLVSecSysDes1.pdf.
16. K.R. van Wyk and G. McGraw, "Bridging the Gap between Software Development and Information Security," IEEE Security & Privacy, vol. 3, no. 5, 2005, pp. 75–79.
17. J.G. Hall, L. Rapanotti, and M. Jackson, "Problem Frame Semantics for Software Development," Software and Systems Modeling, vol. 4, no. 2, 2005, pp. 189–198.
18. G. McGraw, Software Security: Building Security In, Addison-Wesley, 2006.
19. H. Chivers, "Information Modeling for Automated Risk Analysis," Proc. Comm. and Multimedia Security, LNCS 4237, Springer, 2006, pp. 228–239.
20. A. van Lamsweerde, "Elaborating Security Requirements by Construction of Intentional Anti-models," Proc. 26th Int'l Conf. Software Eng. (ICSE 04), IEEE CS Press, 2004, pp. 148–157.
21. G. Sindre and A.L. Opdahl, "Eliciting Security Requirements with Misuse Cases," Requirements Eng., vol. 10, no. 1, 2005, pp. 34–44.
22. J. McDermott and C. Fox, "Using Abuse Case Models for Security Requirements Analysis," Proc. Computer Security Applications Conf., IEEE CS Press, 1999, pp. 55–64.
23. D.G. Firesmith, "Security Use Cases," J. Object Technology, vol. 2, no. 3, 2003, pp. 53–64.
24. L. Røstad, "An Extended Misuse Case Notation: Including Vulnerabilities and the Insider Threat," Proc. 12th Working Conf. Requirements Eng.: Foundation for Software Quality (REFSQ), Essener Informatik Beiträge, 2006, pp. 33–34.
25. J. Peeters, "Agile Security Requirements Engineering," Symp. Requirements Eng. Information Security, 2005; www.sreis.org/SREIS_05_Programshort26_peeters.pdf.
26. V. Kongsli, "Towards Agile Security in Web Applications," Proc. ACM SIGPLAN Int'l Conf. Object-Oriented Programming Systems Languages and Applications (OOPSLA 06), ACM Press, 2006, pp. 805–808.
27. B. Schneier, "Attack Trees—Modeling Security Threats," Dr. Dobb's J., Dec. 1999, pp. 21–29.
28. F. Swiderski and W. Snyder, Threat Modeling, Microsoft Professional, 2004.
29. L. Chung and B.A. Nixon, "Dealing with Non-functional Requirements: Three Experimental Studies of a Process-Oriented Approach," Proc. 17th Int'l Conf. Software Eng. (ICSE 95), IEEE CS Press, 1995, pp. 25–37.
30. L. Chung, "Dealing with Security Requirements during the Development of Information Systems," Proc. 5th Int'l Conf. Advanced Information Systems Eng. (CAiSE), LNCS 685, Springer, 1993, pp. 234–251.
31. J. Cleland-Huang et al., "A Goal-Oriented Approach to Identifying and Mitigating Security Risks," Proc. Int'l Symp. Secure Software Eng., IEEE CS Press, 2006, pp. 167–177.
32. J. Mylopoulos, L. Chung, and E. Yu, "From Object-Oriented to Goal-Oriented Requirements Analysis," Comm. ACM, vol. 42, no. 1, 1999, pp. 31–37.
33. D. Verdon, "Security Policies and the Software Developer," IEEE Security & Privacy, vol. 4, no. 4, 2006, pp. 42–49.

