The Community for Technology Leaders
RSS Icon
Issue No.09 - September (2009 vol.42)
pp: 64-72
Bashar Nuseibeh , The Open University
Charles B. Haley , The Open University
The authors describe their experiences applying a security requirements analysis to an air traffic control project using a framework that offers different forms of structured argumentation. In deploying the framework, they also learned several lessons about security requirements.
Security requirements engineering, Security requirements analysis
Bashar Nuseibeh, Charles B. Haley, Craig Foster, "Securing the Skies: In Requirements We Trust", Computer, vol.42, no. 9, pp. 64-72, September 2009, doi:10.1109/MC.2009.299
1. B. Schneier, Secrets and Lies: Digital Security in a Networked World, Wiley, 2000.
2. R. Crook et al., "Security Requirements Engineering: When Anti-Requirements Hit the Fan," Proc. 10th Anniversary IEEE Joint Int'l Conf. Requirements Eng. (RE 02), IEEE CS Press, 2002, pp. 203-205.
3. A.I. Antón ed., special issue on "Requirements Engineering for Information Security," Requirements Eng., Dec. 2002, pp. 177-287.
4. C.B. Haley et al., "Security Requirements Engineering: A Framework for Representation and Analysis," IEEE Trans. Software Eng., Jan. 2008, pp. 133-153.
5. B. Nuseibeh and S. Easterbrook, "Requirements Engineering: A Roadmap," Proc. Conf. Future of Software Eng. (FOSE 00), ACM Press, 2000, pp. 35-46.
6. P.T. Devanbu and S. Stubblebine, "Software Engineering for Security: A Roadmap," Proc. Conf. Future of Software Eng. (FOSE 00), ACM Press, 2000, pp. 227-239.
7. M. Glinz, "On Non-Functional Requirements," Proc. 15th IEEE Int'l Requirements Eng. Conf. (RE 07), IEEE CS Press, 2007, pp. 21-26.
8. D. MacKenzie, Mechanizing Proof: Computing, Risk, and Trust, MIT Press, 2001.
9. B. Nuseibeh, "Weaving Together Requirements and Architectures," Computer, Mar. 2001, pp. 115-117.
10. C. Foster and M. Watson, "CRISTAL UK—Final Project Report," report no. EN-CRISTAL-UK/WP0/FPR/D1.1, 19 Oct. 2007, Eurocontrol; display_library_list_public.html .
11. M. Jackson, Problem Frames: Analysing and Structuring Software Development Problems, Addison-Wesley/ACM Press, 2001.
12. J. Moffett et al., "A Model for a Causal Logic for Requirements Engineering," Requirements Eng., Mar. 1996, pp. 27-46.
13. S. Toulmin, The Uses of Argument, updated ed., Cambridge Univ. Press, 2003.
14. T.P. Kelly, "Arguing Safety—A Systematic Approach to Safety Case Management," doctoral dissertation, University of York, 1999.
15. A. van Lamsweerde, "Elaborating Security Requirements by Construction of Intentional Anti-Models," Proc. 26th Int'l Conf. Software Eng. (ICSE 04), IEEE CS Press, 2004, pp. 148-157.
16. I.A. T⊘ndel, M.G. Jaatun, and P.H. Meland, "Security Requirements for the Rest of Us: A Survey," IEEE Software, Jan./Feb. 2008, pp. 20-27.
17. G. Sindre and A.L. Opdahl, "Eliciting Security Requirements by Misuse Cases," Proc. 37th Int'l Conf. Technology of Object-Oriented Languages and Systems (TOOLS-Pacific 00), IEEE CS Press, 2000, pp. 120-131.
15 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool