DocumentCode :
2429459
Title :
A Systematic Framework for Structured Object-Oriented Security Requirements Analysis in Embedded Systems
Author :
Markose, S. ; Xiaoqing Liu ; McMillin, B.
Author_Institution :
Comput. Sci. Dept., Missouri Univ. of Sci. & Technol., Rolla, MO
Volume :
1
fYear :
2008
fDate :
17-20 Dec. 2008
Firstpage :
75
Lastpage :
81
Abstract :
The primary goal of this paper is to develop a structured object-oriented security requirements analysis methodology for the elicitation and analysis of security requirements in embedded systems. There are several approaches to elicit, analyze and specify security requirements in embedded systems ranging from formal mathematical models for proof of certain security properties to informal methods that are easily understood. Applicability of formal security models is limited because they are complex and it is time consuming to develop. On the other hand, informal security requirements analysis methods are not integrated with conceptual models in requirements analysis, and although both external and internal threats have been dealt using use cases and misuse cases, they provide no process for analyzing both internal and external threats in a structured manner. This paper discusses a structured object-oriented security requirements analysis methodology for the elicitation and analysis of security requirements in embedded systems. It is capable of identifying hierarchically both external and internal threats posed by both external and internal actors of a system level by level. It is illustrated and validated by security requirements analysis for an advanced embedded power grid control system.
Keywords :
embedded systems; formal specification; object-oriented programming; security of data; systems analysis; embedded system; formal mathematical model; security requirement elicitation; structured object-oriented security requirements analysis methodology; Computer science; Computer security; Control systems; Embedded system; Mathematical model; Object oriented modeling; Power grids; Power system security; Ubiquitous computing; Unified modeling language; Security requirements; and security requirements; misuse cases; security goal; structured object-oriented analysis; use cases;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Embedded and Ubiquitous Computing, 2008. EUC '08. IEEE/IFIP International Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-0-7695-3492-3
Type :
conf
DOI :
10.1109/EUC.2008.92
Filename :
4756323
Link To Document :
بازگشت