Title :
Practical Experience Gained from Modeling Security Goals: Using SGITs in an Industrial Project
Author :
Jung, Christian ; Elberzhager, Frank ; Bagnato, Alessandra ; Raiteri, Fabio
Author_Institution :
Security & Safety, Testing & Inspections, Fraunhofer IESE, Kaiserslautern, Germany
Abstract :
Security inspections, especially in the early development stage, are becoming increasingly important for bringing security-relevant aspects into software systems. Nowadays, such inspections often do not focus in detail on security. The well-known and approved benefits of inspections do not exploit their full potential regarding security. Thus, we have developed the Security Goal Indicator Tree (SGIT) for eliminating existing shortcomings. SGITs are a new approach for modeling and checking security-relevant aspects during the entire software development lifecycle. This article describes the modeling of such security-goal-based trees as part of requirements engineering. Initial experience was gathered from creating SGITs in an industrial environment. After the probands of our industry partner received training on existing security models, the necessary knowledge for creating security models was collected and applied. This resulted in three context-specific SGITs discussed in this article.
Keywords :
security of data; software engineering; industrial project; requirements engineering; security goal indicator tree; security goals modeling; security inspections; security-relevant aspects; software development lifecycle; software systems; Availability; Industrial training; Inspection; Programming; Quality assurance; Security; Software engineering; Software quality; Software systems; Software testing; inspection; practical experience; security goal; security inspection; security modeling;
Conference_Titel :
Availability, Reliability, and Security, 2010. ARES '10 International Conference on
Conference_Location :
Krakow
Print_ISBN :
978-1-4244-5879-0
DOI :
10.1109/ARES.2010.12
