A novel method of security requirements development integrated common criteria

Author

Yin, Lei ; Qiu, Fang-liang

Author_Institution

Sch. of Mechano-Electron. Eng., Xidian Univ., Xi´´an, China

Volume

5

fYear

2010

fDate

25-27 June 2010

Abstract

A tri-stages security requirements engineering development model, which includes early-stage security requirements modeling, security policy and late-stage security requirements modeling, is proposed to improve the traditional security requirements modeling method. An extended framework, which defines new security flaw node, threat means node and elimination link, is proposed to identify the security objectives correctly and describe early-stage security requirements entirely. A method of defining security strategy formally is proposed to express security environment, avoid the conflicts and reduce the complexities of security rules. A kind of requirements modeling language CC-UML, which constructed by Conservative Extension of UML Metamodel, is proposed to integrate the CC functional requirements and late-stage security requirements seamlessly.

Keywords

Unified Modeling Language; formal verification; security of data; UML metamodel; early-stage security requirements modeling; elimination link; late-stage security requirements modeling; requirements engineering development model; security flaw node; security policy; security rules complexities; threat means node; Argon; Cities and towns; Computer security; Design engineering; ISO standards; Information security; Information systems; Risk analysis; Unified modeling language; Common Criteria; Extended UML; Security Policy Formalization; Security Requirements Analyze; i* Framework;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Design and Applications (ICCDA), 2010 International Conference on

Conference_Location

Qinhuangdao

Print_ISBN

978-1-4244-7164-5

Electronic_ISBN

978-1-4244-7164-5

Type

conf

DOI

10.1109/ICCDA.2010.5541109

Filename

5541109