Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Reviewing and Evaluating Techniques for Modeling and Analyzing Security Requirements
Blekinge Institute of Technology, School of Engineering, Department of Systems and Software Engineering.
2007 (English)Independent thesis Advanced level (degree of Master (One Year))Student thesis
Abstract [en]

The software engineering community recognized the importance of addressing security requirements with other functional requirements from the beginning of the software development life cycle. Therefore, there are some techniques that have been developed to achieve this goal. Thus, we conducted a theoretical study that focuses on reviewing and evaluating some of the techniques that are used to model and analyze security requirements. Thus, the Abuse Cases, Misuse Cases, Data Sensitivity and Threat Analyses, Strategic Modeling, and Attack Trees techniques are investigated in detail to understand and highlight the similarities and differences between them. We found that using these techniques, in general, help requirements engineer to specify more detailed security requirements. Also, all of these techniques cover the concepts of security but in different levels. In addition, the existence of different techniques provides a variety of levels for modeling and analyzing security requirements. This helps requirements engineer to decide which technique to use in order to address security issues for the system under investigation. Finally, we found that using only one of these techniques will not be suitable enough to satisfy the security requirements of the system under investigation. Consequently, we consider that it would be beneficial to combine the Abuse Cases or Misuse Cases techniques with the Attack Trees technique or to combine the Strategic Modeling and Attack Trees techniques together in order to model and analyze security requirements of the system under investigation. The concentration on using the Attack Trees technique is due to the reusability of the produced attack trees, also this technique helps in covering a wide range of attacks, thus covering security concepts as well as security requirements in a proper way.

Place, publisher, year, edition, pages
2007. , 68 p.
Keyword [en]
Security Requirements, Abuse Cases, Misuse Cases, Data Sensitivity and Threat Analyses, Strategic Modeling, Attack Trees.
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:bth-6203Local ID: oai:bth.se:arkivex1ADA812545312F64C1257272004350F5OAI: oai:DiVA.org:bth-6203DiVA: diva2:833633
Uppsok
Technology
Supervisors
Available from: 2015-04-22 Created: 2007-01-29 Last updated: 2015-06-30Bibliographically approved

Open Access in DiVA

fulltext(1017 kB)504 downloads
File information
File name FULLTEXT01.pdfFile size 1017 kBChecksum SHA-512
1c662cc8d8b67031363ad45aedc141a2b4a964599b70a4ec2df9c6ef10ee4d0113bb96c71a550a45e8edfc22e9abe8ac881b56ca644f42f6d3ab599ad19c621e
Type fulltextMimetype application/pdf

By organisation
Department of Systems and Software Engineering
Software Engineering

Search outside of DiVA

GoogleGoogle Scholar
Total: 504 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 467 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf