Skip to main content
SpringerLink
Log in
Book cover

International Conference on Autonomic and Trusted Computing

ATC 2006: Autonomic and Trusted Computing pp 500–510Cite as

A Framework for Specifying and Managing Security Requirements in Collaborative Systems

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 4158))

Abstract

Although security has been recognized as an increasingly important and critical issue for software system development, most security requirements are poorly specified: ambiguous, misleading, inconsistent among various parts, and lacking sufficient details. In this paper, a framework for specifying unambiguous, interoperable security requirements and detecting conflict and undesirable emergent properties in collaborative systems is presented. The framework includes a core ontology representing hierarchical security requirements , an ontology-based security requirement specification process, a set of security requirement refining rules, an algorithm for automatic security requirement refinement and an analysis algorithm to detect inconsistent security requirements. In this paper, the specification and refinement of security requirements are emphasized.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Howard, M., LeBlanc, D.: Writing Secure Code. Microsoft Press, Redmond (2001)

    Google Scholar 

  2. Chung, L.: Dealing with Security Requirements during the Development of Information Systems. In: Rolland, C., Cauvet, C., Bodart, F. (eds.) CAiSE 1993. LNCS, vol. 685, pp. 234–251. Springer, Heidelberg (1993)

    Google Scholar 

  3. Mead, N.R., Stehney, T.: Security Quality Requirements Engineering (SQUARE) Methodology. In: Proc. Workshop on Software engineering for Secure Systems, pp. 1–7 (2005)

    Google Scholar 

  4. Hoo, K.S., Sudbury, A.W., Jaquith, A.R.: Tangible ROI Through Secure Software Engineering. Secure Business Quarterly 1(2) (2001), available at: http://www.sbq.com/sbq/rosi/sbq_rosi_software_engineering.pdf

  5. Viega, J., McGraw, G.: Building Secure Software: How to Avoid Security Problems the Right Way. Addison-Wesley, Reading (2001)

    Google Scholar 

  6. Keller, S.E., Kahn, L.G., Panara, R.B.: Specifying software quality requirements with metrics. In: Thayer, R.H., Dorfman, M. (eds.) Tutorial: System and Software Requirements Engineering, pp. 145–163. IEEE Computer Society Press, Los Alamitos (1990)

    Google Scholar 

  7. Liu, L., Yu, E., Mylopoulos, J.: Analyzing Security Requirements as Relationships Among Strategic Actors. In: E-Proc. 2nd Symp. on Requirements Engineering for Information Security (SREIS 2002) (2002), http://www.sreis.org/old/2002/finalpaper9.pdf

  8. France, R., Ray, I., Georg, G., Ghosh, S.: Aspect-oriented Approach to Early Design Modeling. IEE Proc. Software 151(4), 173–185 (2004)

    Article  Google Scholar 

  9. Lodderstedt, T., Basin, D.A., Doser, J.: SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 426–441. Springer, Heidelberg (2002)

    Google Scholar 

  10. Yau, S.S., Yao, Y., Chen, Z., Zhu, L.: An Adaptable Security Framework for Service-based Systems. In: Proc. 10th IEEE Int’l Workshop on Object-oriented Real-time Dependable Systems (WORDS 2005), pp. 28–35 (2005)

    Google Scholar 

  11. Yau, S.S., Huang, D., Gong, H., Yao, Y.: Support for Situation-Awareness in Trustworthy Ubiquitous Computing Application Software. In: Jour. Software Practice and Experience (2006), available at: http://www3.interscience.wiley.com/cgi-bin/fulltext/112600143/PDFSTART

  12. Gruber, T.R.: A translation approach to portable ontologies. Knowledge Acquisition 5(2), 199–220 (1993)

    Article  Google Scholar 

  13. Department of Defense, U.S.: Trusted Computer Systems Evaluation Criteria, DOD 5200.28-STD (December 1985), available at: http://csrc.nist.gov/secpubs/rainbow/std001.txt

  14. Yau, S.S., Wang, Y., Huang, D., In, H.P.: Situation-aware Contract Specification Language for Middleware for Ubiquitous Computing. In: Proc. 9th IEEE Workshop on Future Trends of Distributed Computing Systems, pp. 93–99 (2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, Arizona State University, Tempe, AZ, 85287-8809, USA

    Stephen S. Yau & Zhaoji Chen

Authors
  1. Stephen S. Yau
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zhaoji Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, St. Francis Xavier University, Antigonish, Canada

    Laurence T. Yang

  2. Services Computing Technology and System Lab Cluster and Grid Computing Lab School of Computer Science and Technology, Huazhong University of Science and Technology, 430074, Wuhan, China

    Hai Jin

  3. Hosei University, 184-8584, Tokyo, Japan

    Jianhua Ma

  4. Department of Computer Science, University of Augsburg, 86135, Augsburg, Germany

    Theo Ungerer

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yau, S.S., Chen, Z. (2006). A Framework for Specifying and Managing Security Requirements in Collaborative Systems. In: Yang, L.T., Jin, H., Ma, J., Ungerer, T. (eds) Autonomic and Trusted Computing. ATC 2006. Lecture Notes in Computer Science, vol 4158. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11839569_49

Download citation

  • DOI: https://doi.org/10.1007/11839569_49

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-38619-3

  • Online ISBN: 978-3-540-38622-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation