SECURE INFORMATION SYSTEMS DEVELOPMENT - Based on a Security Requirements Engineering Process

Daniel Mellado, Eduardo Fernández-Medina, Mario Piattini

2006

Abstract

Integration of security into the early stages of the system development is necessary to build secure systems. However, in the majority of software projects security is dealt with when the system has already been designed and put into operation. This paper will propose an approach called SREP (Security Requirements Engineering Process) for the development of secure software. We will present an iterative and incremental micro-process for the security requirements analysis that is repeatedly performed at each phase. It integrates the Common Criteria into the software lifecycle model as well as it is based on the reuse of security requirements, by providing a security resources repository. In brief, we will present an approach which deals with the security requirements at the early stages of software development in a systematic and intuitive way, and which also conforms to ISO/IEC 17799:2005.

References

  1. Baskeville, R. (1992). "The development duality of information systems security." Journal of Management Systems 4(1): 1-12.
  2. Booch, G., J. Rumbaugh and I. Jacobson (1999). The Unified Software Development Process, AddisonWesley.
  3. Breu, R., K. Burger, M. Hafner and G. Popp (2004). "Towards a Systematic Development of Secure Systems." Proceedings WOSIS 2004: 1-12.
  4. Cybulsky, J. and K. Reed (2000). "Requirements Classification and Reuse: Crossing Domains Boundaries." ICSR'2000: 190-210.
  5. Firesmith, D. G. (2003). "Security Use Cases." Journal of Object Technology: 53-64.
  6. Kam, S. H. (2005). "Integrating the Common Criteria Into the Software Engineering Lifecycle." IDEAS'05: 267- 273.
  7. Kemmerer, R. (2003). "Cybersecurity." Proc. ICSE'03- 25th Intl. Conf. on Software engineering: 705-715.
  8. Kotonya, G. and I. Sommerville (1998). Requirements Engineering Process and Techniques,
  9. McDermott, J. and C. Fox (1999). Using Abuse Case Models for Security Requirements Analysis. Annual Computer Security Applications Conference, Phoenix, Arizona.
  10. Mellado, D., E. Fernández-Medina and M. Piattini (2006). "A Comparative Study of Proposals for Establishing Security Requirements for the Development of Secure Information Systems." The 2006 International Conference on Computational Science and its Applications (ICCSA 2006), Springer LNCS 3982 3: 1044-1053.
  11. Popp, G., J. Jürjens, G. Wimmel and R. Breu (2003). Security-Critical System Development with Extended Use Cases. 10th Asia-Pacific Software Engineering Conference: 478-487.
  12. Sindre, G., D. G. Firesmith and A. L. Opdahl (2003). A Reuse-Based Approach to Determining Security Requirements. Proc. 9th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ'03), Austria.
  13. Toval, A., J. Nicolás, B. Moros and F. García (2001). Requirements Reuse for Improving Information Systems Security: A Practitioner's Approach. Requirements Engineering Journal. 6: 205-219.
Download


Paper Citation


in Harvard Style

Mellado D., Fernández-Medina E. and Piattini M. (2006). SECURE INFORMATION SYSTEMS DEVELOPMENT - Based on a Security Requirements Engineering Process . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006) ISBN 978-972-8865-63-4, pages 467-470. DOI: 10.5220/0002098004670470


in Bibtex Style

@conference{secrypt06,
author={Daniel Mellado and Eduardo Fernández-Medina and Mario Piattini},
title={SECURE INFORMATION SYSTEMS DEVELOPMENT - Based on a Security Requirements Engineering Process},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)},
year={2006},
pages={467-470},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002098004670470},
isbn={978-972-8865-63-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)
TI - SECURE INFORMATION SYSTEMS DEVELOPMENT - Based on a Security Requirements Engineering Process
SN - 978-972-8865-63-4
AU - Mellado D.
AU - Fernández-Medina E.
AU - Piattini M.
PY - 2006
SP - 467
EP - 470
DO - 10.5220/0002098004670470