Abstract
The security requirements in the software life cycle has received some attention recently. However, it is not yet clear how to build security requirements. This paper describes and illustrates a process to build application specific security requirements from state transition diagrams at the security threat location. Using security failure data, we identify security threat locations which attackers could use to exploit software vulnerabilities. A state transition diagram is constructed to be used to protect, mitigate, and remove vulnerabilities relative to security threat locations. In the software development process, security requirements are obtained from state transition diagrams relative to the security threat location.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Moore, A.P., Ellison, R.J., Linger, R.C.: Attack modeling for information security and survivability. Technical Report CMU/SEI-2001-TN-001 (2001)
Lamsweerde, A.: Elaborating security requirements by construction of intentional anti-models. In: Proceedings of the 26th International Conference on Software Engineering(ICSE 2004) (2004)
Bishop, M.: Vulnerabilities analysis. In: Web proceedings of the 2nd International Workshop on Recent Advances in Intrusion Detection (RAID 1999) (1999)
Common criteria for information technology security evaluation, Version 2.1. CCIMB-99-031 (1999)
Firesmith, D.: Specifying reusable security requirements. Journal of Object Technology 3 (2004)
McGraw, G.: Software security. IEEE Security & Privacy 2, 80–83 (2004)
Alexander, I.: Misuse cases: Use cases with hostile intent. IEEE Software 20, 58–66 (2003)
Krsul, I.V.: Computer vulnerability analysis. PhD thesis, Purdue University (1998)
McDermott, J.: Extracting security requirements by misuse cases. In: Proc. 27th Technology of Objected-Oriented Languages and Systems, pp. 120–131 (2000)
McDermott, J., Fox, C.: Using abuse case models for security requirements analysis. In: Proc. Annual Computer Security Applications Conference (ACSAC 1999) (1999)
Whittacker, J.A., Howard, M.: Building more secure software with improved development processes. IEEE Security & Privacy 2, 63–65 (2004)
Viega, J., McGraw, G.: Building secure software. Addison-Wesley, Reading (2004)
Howard, M., LeBlanc, D.C.: Writing secure code, 2nd edn. Microsoft (2003)
Schumacher, M., Roedig, U.: Security engineering with patterns. In: PLoP Proceedings (2001)
Jurjens, J.: UMLsec: Extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, p. 412. Springer, Heidelberg (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Seo, S.C., You, J.H., Kim, Y.D., Choi, J.Y., Lee, S.J., Kim, B.K. (2005). Building Security Requirements Using State Transition Diagram at Security Threat Location. In: Hao, Y., et al. Computational Intelligence and Security. CIS 2005. Lecture Notes in Computer Science(), vol 3802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596981_66
Download citation
DOI: https://doi.org/10.1007/11596981_66
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30819-5
Online ISBN: 978-3-540-31598-8
eBook Packages: Computer ScienceComputer Science (R0)