a methodology for capturing software systems security ...rafea/csce590/fall08/hassan/seminar.pdf ·...
TRANSCRIPT
![Page 1: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/1.jpg)
A Methodology for Capturing Software Systems Security
Requirements
Hassan EL-HadarySupervised by: Prof. Sherif EL-Kassas
![Page 2: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/2.jpg)
Outline
• Introduction to security– Software Security– Security Definitions
• Security Requirement Engineering• Problem Statement• Survey approaches for eliciting security
requirements• Thesis Objective and Approach
![Page 3: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/3.jpg)
Software Security
• Why secure software?– Attacker hacks software systems– Vulnerabilities exploited– Cost of attack
![Page 4: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/4.jpg)
Secure Software Development
• Developing secure software systems
An example for secure software development lifecycle [1]
![Page 5: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/5.jpg)
Security Definitions
• Assets • Threats • Security Concerns
– Confidentiality– Integrity– Availability
• Security goals• Vulnerability • Countermeasures
![Page 6: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/6.jpg)
Security Definitions
Security Threats, Requirements, and Mechanisms relations [2]
![Page 7: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/7.jpg)
Security requirements
Definition:• How can we achieve security• What need to be secured• What must not occur to achieve security
![Page 8: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/8.jpg)
Security Requirement Engineering
• Consider security early• Update requirement phase to support
security• Perform Security Requirements
Engineering– Elicit, Analyze, and Validate
![Page 9: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/9.jpg)
Problem Statement
• Elicit adequate security requirements
• Assist non-security experts
![Page 10: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/10.jpg)
Threat Modeling
Threat Modeling for Eliciting Security Requirements [3]
![Page 11: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/11.jpg)
Threat Modeling
• Attack Trees
Attack tree [5]
![Page 12: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/12.jpg)
Threat Modeling (Threats Classification – STRIDE [6])
Spoofing access is gained to inaccessible assets using someone else’s credentials.
Tampering Occurs when data is changed when an attack is performed.
Repudiationa user denies performing an action, but the system has no way to prove an action on a user although the user has performed it.
Information disclosure information is disclosed to a user not permitted to see it.
Denial of service a valid users become unable to access resources.
Elevation of privilege a privileged status is gained by an unprivileged user.
![Page 13: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/13.jpg)
Threat Modeling (Threats Ranking – DREAD [6])
Damage Potential The cost of the damage when the threat is exploited.
Reproducibility The rate of reproducing the exploited threat
Exploitability The level of skill needed to exploit this threat
Affected Users The number of affected users
Discoverability The easiness of discovering this threat
![Page 14: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/14.jpg)
Threat Modeling
Steps for eliciting Security Requirements1. System characterization 2. Assets and access points identification 3. Threats identification (STRIDE)
- Threat Catalogs4. Threats Analysis (DREAD)5. Elicit Security Requirement by negating
threats
![Page 15: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/15.jpg)
Threat Modeling
• Expressing security requirements as negative statements is inadequate
• Negative statements should be converted to positive statements
![Page 16: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/16.jpg)
Misuse Cases
Example misuse case [7]
![Page 17: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/17.jpg)
Misuse Cases(Security Use Cases)
Misuse case with Security Use case [2]
![Page 18: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/18.jpg)
Misuse cases(Using generic templates)
![Page 19: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/19.jpg)
Misuse cases(Using generic templates)
![Page 20: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/20.jpg)
Misuse cases
• Advantages:– Lightweight approach– Model interaction between threats and system
• Disadvantages:– Informal causing ambiguity
![Page 21: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/21.jpg)
Goal Oriented Requirement Engineering (KAOS)
KAOS Approach [13]
![Page 22: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/22.jpg)
Goal Oriented Requirement Engineering (KAOS)
• Goal Graph
KAOS Goal Graph [13]
![Page 23: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/23.jpg)
Secure Goal Oriented Requirement Engineering (KAOS)
• Anti-Models
Anti-model Graph [4]
![Page 24: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/24.jpg)
Secure Goal Oriented Requirement Engineering (KAOS)
• Construct high-level security goals– Example:
Avoid[SensitiveInfoKnownByUnauthorizedAgent]
• Build anti-models to elaborate vulnerabilities
• Derive countermeasures and security requirements – Avoid[vulnerability]
![Page 25: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/25.jpg)
Secure Goal Oriented Requirement Engineering (KAOS)
• Attack pattern
DOS Attack pattern [14]
![Page 26: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/26.jpg)
Secure Goal Oriented Requirement Engineering (KAOS)
• Derivation of precise security requirements from high-level goals
• Formal methodology enabling automatic processing
![Page 27: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/27.jpg)
Secure Agent orient based approaches (i*)
• Dependency Diagram:
![Page 28: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/28.jpg)
Secure Agent orient based approaches (i*)
• Attacker Analysis: “who is likely to attack the system? By what means might a specific attacker attack the system?”
• Dependency vulnerability analysis:“Which dependency relationships are vulnerable to attack?”, “What are the chain effects if one dependency link is compromised?”
• Countermeasure Analysis:“how to protect the system the attackers exploiting the vulnerabilities “
![Page 29: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/29.jpg)
Secure Agent orient based approaches (i*)
• Adapting security to i* [8]
![Page 30: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/30.jpg)
Secure Agent orient based approaches
Advantages:• Considering the human factor which has a
significant impact on security. For example, threats may involve tricking other people (doctors or nurses in the case of medical records) to break security goals
Disadvantage:• Concentrates on confidentiality concerns
![Page 31: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/31.jpg)
Requirement Engineering Using Problem Frames
• Generalized Problem Diagram [9]
![Page 32: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/32.jpg)
Problem Frames(Problem Decomposition)
• Problem decomposition into subproblems [10]
Problem Context Problem Diagram for Employee Display Information subproblem
![Page 33: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/33.jpg)
Abuse Frames • Generic Abuse Frame [12]
• Model and analyze threats• Bound scope of security problems
– What attack harms what asset in what subproblem
![Page 34: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/34.jpg)
Abuse Frames
Abuse Frame for Regime editing subproblem [12]
c: The editing commands that are entered by the Operator.d: The edit operations performed by the Regime Editor.e: The effects of the edits on the Light Regime
![Page 35: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/35.jpg)
Security Requirement Engineering based on Problem Frames
1- Model system using Problem Frames2- Identifying assets and threat
descriptions.– “What harm could come from violating the
[insert security concerns] of [insert asset]?”
3- Identify high-level security goals thatavoids threats Example,“Provide data to authorized users”
![Page 36: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/36.jpg)
Security Requirement Engineering based on Problem Frames
4- Constrain Functional requirements to avoid threats
Problem Frame Diagram for constrained functional requirement [11]
![Page 37: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/37.jpg)
Security Requirement Engineering based on Problem Frames
5- Validate security requirements using security arguments
• Trust assumptions• (domain behavior premises) |- (security
requirements)
A |- B means B can be proved from A.
![Page 38: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/38.jpg)
Security Requirement Engineering based on Problem Frames
Advantages:
• Specifies security requirements precisely by constraining functional requirements
• Integrate system behavior with threats using problem frames
![Page 39: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/39.jpg)
Security Problem Frames:
Generic patterns for security problems [15]
![Page 40: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/40.jpg)
Thesis Objective
Develop a methodology for eliciting security requirement that adapts problem frames, abuse frames and security problem frames to achieve the two main objectives :
(1) Eliciting adequate security requirements (2) Assisting security inexperienced analysts
to elicit security requirements
![Page 41: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/41.jpg)
Proposed Methodology
cd Approach steps
Model the system contextand functionalrequirements
Identify the system assets
Identify threats usingabuse frames
Constrain FunctionalRequirements To ObtainSecurity requirements
Instantiate SecurityProblem Frame
Crosscut threats withAssets to identify
v ulnerabilities
Search Security Problem Frames
(SPF) Catalog
[No Vulnerabil ity][Found Vulnerabil ity]
[If found SPF][If no results]
![Page 42: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/42.jpg)
Methodology Advantages
• Utilizes different methodologies based on problem frames that complement each other
• Assist the analyst during security requirement elicitation
![Page 43: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/43.jpg)
Contribution
• Interfacing between the Security Problem Frames, Abuse Frames and Problem Frames
• Provide a tool that helps in choosing and instantiating the patterns in the Security problem frame catalog
![Page 44: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/44.jpg)
References• [1] A. Apvrille and M. Pourzandi, "Secure Software
Development by Example," IEEE Security &Privacy, vol. 3, no. 4, pp. 10–17, 2005
• [2] D. Firesmith. “Security Use Cases”. Journal of Object Technology, Vol. 2, No. 3, 53-64, 2003
• [3] Suvda Myagmar, Adam J. Lee, and William Yurcik, “Threat Modeling as a Basis for SecurityRequirements”, IEEE Symposium on Requirements Engineering for Information Security (SREIS’05), 2005
![Page 45: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/45.jpg)
References• [4] A. van Lamsweerde, “Elaborating Security
Requirements by Construction of Intentional Anti-models,” Proc. 26th Int’l Conf. Software Eng. (ICSE 04), IEEE CS Press, 2004
• [5] Bruce Schneier, “Attack Trees,” Dr. Dobb's Journal December 1999
• [6] F. Swiderski and W. Snyder. Threat Modeling. Microsoft Press, 2004
![Page 46: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/46.jpg)
References• [7] S. Ardi, David Byres,P. H. Meland,I.A. Tondel,
N.Shahmehri “How Can the Developer Benefit From Security Modeling ”, In Second International Conference on Availability, Reliability and Security(ARES’07), IEEE, 2007
• [8] L. Liu, E. Yu, and J. Mylopoulos. Security and privacy requirements analysis within a social setting. In Proc. of RE’03, pages 151–161, 2003
• [9] M. Jackson. Problem Frames , “Problem Frames and Software Engineering,” Expert Systems, Volume 25, Number 1, pp. 7-8(2), February 2008 M. Jackson. Problem Frames , “Problem Frames and Software Engineering,” Expert Systems, Volume 25, Number 1, pp. 7-8(2), February 2008
![Page 47: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/47.jpg)
References• [10] C.B. Haley, R. Laney, and B. Nuseibeh “Deriving
Security Requirements From Crosscutting Threat Descriptions,” in Proceedings of the Third International Conference on Aspect-Oriented Software Development, Lancaster, UK, March 22–26, 2004
• [11] C.B. Haley, J.D. Moffett, R. Laney, and B. Nuseibeh, “A Framework for Security Requirements Engineering,”Proc. 2006 Software Eng. for Secure Systems Workshop with the 28th Int’l Conf. Software Eng. , 2006
• [12] D. Hatebur, M. Heisel, and H. Schmidt, “A pattern system for security requirements engineering,” in Proceedings of the International Conference on Availability, Reliability and Security (AReS), pp.356-365, IEEE, 2007
![Page 48: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/48.jpg)
References• [12] Lin, L., Nuseibeh, B., Ince, D., Jackson, M., &
Moffett, J. "Introducing Abuse Frames for Analyzing Security Requirements," In Proceedings of the 11th IEEE International Requirements Engineering Conference (RE'03). Monterey CA USA, pp. 371-372, Sep 2003
• [13] A. van Lamsweerde and E. Letier, “Handling Obstacles in Goal-Oriented Requirements Engineering”, IEEE Transactions on Software Engineering, Special Issue on Exception Handling, 2000
• [14] Laurent A. Hermoye and Axel van Lamsweerde, and Dewayne E. Perry. "A Reuse-Based Approach to Security Requirements Engineering", September 2006
![Page 49: A Methodology for Capturing Software Systems Security ...rafea/CSCE590/Fall08/Hassan/Seminar.pdf · Issue on Exception Handling, 2000 • [14] Laurent A. Hermoye and Axel van Lamsweerde,](https://reader033.vdocuments.us/reader033/viewer/2022050310/5f725ee2192a0a58ec2308ad/html5/thumbnails/49.jpg)
References• [15] D. Hatebur, M. Heisel, and H. Schmidt, “A pattern
system for security requirements engineering,” in Proceedings of the International Conference on Availability, Reliability and Security (AReS), pp.356-365, IEEE, 2007