Ändra sökning
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Reviewing and Evaluating Techniques for Modeling and Analyzing Security Requirements
Blekinge Tekniska Högskola, Sektionen för teknik, Avdelningen för programvarusystem.
2007 (Engelska)Självständigt arbete på avancerad nivå (magisterexamen)Studentuppsats (Examensarbete)
Abstract [en]

The software engineering community recognized the importance of addressing security requirements with other functional requirements from the beginning of the software development life cycle. Therefore, there are some techniques that have been developed to achieve this goal. Thus, we conducted a theoretical study that focuses on reviewing and evaluating some of the techniques that are used to model and analyze security requirements. Thus, the Abuse Cases, Misuse Cases, Data Sensitivity and Threat Analyses, Strategic Modeling, and Attack Trees techniques are investigated in detail to understand and highlight the similarities and differences between them. We found that using these techniques, in general, help requirements engineer to specify more detailed security requirements. Also, all of these techniques cover the concepts of security but in different levels. In addition, the existence of different techniques provides a variety of levels for modeling and analyzing security requirements. This helps requirements engineer to decide which technique to use in order to address security issues for the system under investigation. Finally, we found that using only one of these techniques will not be suitable enough to satisfy the security requirements of the system under investigation. Consequently, we consider that it would be beneficial to combine the Abuse Cases or Misuse Cases techniques with the Attack Trees technique or to combine the Strategic Modeling and Attack Trees techniques together in order to model and analyze security requirements of the system under investigation. The concentration on using the Attack Trees technique is due to the reusability of the produced attack trees, also this technique helps in covering a wide range of attacks, thus covering security concepts as well as security requirements in a proper way.

Ort, förlag, år, upplaga, sidor
2007. , 68 s.
Nyckelord [en]
Security Requirements, Abuse Cases, Misuse Cases, Data Sensitivity and Threat Analyses, Strategic Modeling, Attack Trees.
Nationell ämneskategori
Programvaruteknik
Identifikatorer
URN: urn:nbn:se:bth-6203Lokalt ID: oai:bth.se:arkivex1ADA812545312F64C1257272004350F5OAI: oai:DiVA.org:bth-6203DiVA: diva2:833633
Uppsök
teknik
Handledare
Tillgänglig från: 2015-04-22 Skapad: 2007-01-29 Senast uppdaterad: 2015-06-30Bibliografiskt granskad

Open Access i DiVA

fulltext(1017 kB)693 nedladdningar
Filinformation
Filnamn FULLTEXT01.pdfFilstorlek 1017 kBChecksumma SHA-512
1c662cc8d8b67031363ad45aedc141a2b4a964599b70a4ec2df9c6ef10ee4d0113bb96c71a550a45e8edfc22e9abe8ac881b56ca644f42f6d3ab599ad19c621e
Typ fulltextMimetyp application/pdf

Av organisationen
Avdelningen för programvarusystem
Programvaruteknik

Sök vidare utanför DiVA

GoogleGoogle Scholar
Totalt: 693 nedladdningar
Antalet nedladdningar är summan av nedladdningar för alla fulltexter. Det kan inkludera t.ex tidigare versioner som nu inte längre är tillgängliga.

Totalt: 613 träffar
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf