Title :
A novel method of security requirements development integrated common criteria
Author :
Yin, Lei ; Qiu, Fang-liang
Author_Institution :
Sch. of Mechano-Electron. Eng., Xidian Univ., Xi´´an, China
Abstract :
A tri-stages security requirements engineering development model, which includes early-stage security requirements modeling, security policy and late-stage security requirements modeling, is proposed to improve the traditional security requirements modeling method. An extended framework, which defines new security flaw node, threat means node and elimination link, is proposed to identify the security objectives correctly and describe early-stage security requirements entirely. A method of defining security strategy formally is proposed to express security environment, avoid the conflicts and reduce the complexities of security rules. A kind of requirements modeling language CC-UML, which constructed by Conservative Extension of UML Metamodel, is proposed to integrate the CC functional requirements and late-stage security requirements seamlessly.
Keywords :
Unified Modeling Language; formal verification; security of data; UML metamodel; early-stage security requirements modeling; elimination link; late-stage security requirements modeling; requirements engineering development model; security flaw node; security policy; security rules complexities; threat means node; Argon; Cities and towns; Computer security; Design engineering; ISO standards; Information security; Information systems; Risk analysis; Unified modeling language; Common Criteria; Extended UML; Security Policy Formalization; Security Requirements Analyze; i* Framework;
Conference_Titel :
Computer Design and Applications (ICCDA), 2010 International Conference on
Conference_Location :
Qinhuangdao
Print_ISBN :
978-1-4244-7164-5
Electronic_ISBN :
978-1-4244-7164-5
DOI :
10.1109/ICCDA.2010.5541109