Enhancing Security Requirements Engineering by Organizational Learning


Enhancing Security Requirements Engineering by Organizational Learning A Method Engineering Analysis

Why was it developed?
Security is an important issue in software projects.
Identifying security requirements is labor-intensive and error-prone.
New security-relevant requirements keep emerging.
Security experts are a scarce resource.

Glossary
Bayesian classifiers: a family of probabilistic classifiers based on Bayes' theorem and the assumption that the input features are independent.
Common Criteria: an international standard for security requirements in information technology, ensuring high and consistent standards for the protection profiles of software products.

Step overview Automated analysis of the previous projects’ requirements by Heuristic Requirements Assistant (HeRA) with the application of Bayesian classifiers. Analysis of the output by the stakeholders, proposing changes to HeRA’s suggestions, as well as identifying new requirements.

Step overview Requirements elicitation by engineers on the basis of Common Criteria, as well as personal and organizational knowledge. Requirements refinement by a security expert (if available), based on his/her personal experience and best practices.

Step overview Documentation of the requirements with the use of UMLsec and storing them in the organization’s knowledge base for further reuse.
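An added illustration of the first two steps, not code from the presentation, from HeRA, or from the cited paper: a minimal multinomial naive Bayes classifier (Python, assumed here) is trained on a constructed set of past-project requirements, flags security-relevant ones, misses a requirement whose vocabulary it has never seen, and catches a similar one once a stakeholder's correction is fed back as training data.

```python
import math
import re
from collections import Counter

def tokenize(text):
    return re.findall(r"[a-z]+", text.lower())  # words only; digits and punctuation dropped

class RequirementClassifier:
    """Multinomial naive Bayes with Laplace smoothing; classes 'security' and 'other'."""
    def __init__(self):
        self.word_counts = {"security": Counter(), "other": Counter()}
        self.class_counts = Counter()
        self.vocab = set()
    def train(self, examples):  # incremental: corrections are fed in like seed data
        for text, label in examples:
            tokens = tokenize(text)
            self.class_counts[label] += 1
            self.word_counts[label].update(tokens)
            self.vocab.update(tokens)
    def log_prob(self, tokens, label):
        total = sum(self.word_counts[label].values())
        lp = math.log(self.class_counts[label] / sum(self.class_counts.values()))
        for tok in tokens:  # unseen words get the smoothed count of 1
            lp += math.log((self.word_counts[label][tok] + 1) / (total + len(self.vocab)))
        return lp
    def is_security_relevant(self, text):
        tokens = tokenize(text)
        return self.log_prob(tokens, "security") > self.log_prob(tokens, "other")

# Constructed seed corpus standing in for the organization's past project requirements.
SEED = [
    ("Users must authenticate with a password before accessing the portal", "security"),
    ("All customer data shall be encrypted at rest and in transit", "security"),
    ("Access to the admin console is restricted to authorized roles", "security"),
    ("The system shall log every failed login attempt for audit", "security"),
    ("The report page shall display monthly sales totals", "other"),
    ("The application shall support English and German user interfaces", "other"),
    ("Search results shall be returned within two seconds", "other"),
    ("The invoice module shall export PDF documents", "other"),
]

def feedback_cycle():
    # Automated pass, a stakeholder correction, then a re-check on a similar requirement.
    clf = RequirementClassifier()
    clf.train(SEED)
    missed = "Session tokens shall expire after 15 minutes of inactivity"
    before = clf.is_security_relevant(missed)   # False: its words are unseen in the seed
    clf.train([(missed, "security")])           # stakeholder flags it as security-relevant
    after = clf.is_security_relevant("Session tokens shall expire after logout")
    return before, after
```

The miss in feedback_cycle is the case the method is built for: the classifier only knows what earlier projects recorded, so stakeholder review and storing the corrected requirement are what let the organization learn.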

Process-Deliverable Diagram (1/2)

Process-Deliverable Diagram (2/2)

Example template

References
Jürjens, J. (2001). Towards Development of Secure Systems Using UMLsec. In H. Hussmann (Ed.), Fundamental Approaches to Software Engineering (pp. 187-200). Berlin: Springer.
Jürjens, J. (2002). UMLsec: Extending UML for Secure Systems Development. In J.-M. Jézéquel, H. Hussmann, S. Cook (Eds.), «UML» 2002 — The Unified Modeling Language (pp. 412-425). Berlin: Springer.
Knauss, E., Luebke, D., & Meyer, S. (2009). Feedback-driven requirements engineering: the heuristic requirements assistant. In S. Fickas, J. Atlee, P. Inverardi (Eds.), Software Engineering, 2009. ICSE 2009. IEEE 31st International Conference (pp. 587-590). Vancouver, BC: IEEE.
Schneider, K., Knauss, E., Houmb, S., Islam, S., & Jürjens, J. (2012). Enhancing security requirements engineering by organizational learning. Requirements Engineering, 17(1), 35-56.
Vapnik, V. N., & Vapnik, V. (1998). Statistical learning theory (Vol. 1). New York: Wiley.
Vetterling, M., Wimmel, G., & Wisspeintner, A. (2002). Secure systems development based on the common criteria: the PalME project. ACM SIGSOFT Software Engineering Notes, 27(6), 129-138.