Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enhancing Security Requirements Engineering by Organizational Learning

Published byMarie-Louise Drapeau Modified over 6 years ago

Similar presentations

Presentation on theme: "Enhancing Security Requirements Engineering by Organizational Learning"— Presentation transcript:

1 Enhancing Security Requirements Engineering by Organizational Learning
A Method Engineering Analysis

2 Why was it developed? Security is an important issue in software projects, Identifying security requirements is labor-intensive and error prone, New security-relevant requirements keep emerging, Security experts are a scarce resource.

3 Glossary Bayesian Classifiers - a family of probabilistic classifiers, based on Bayes’ theorem and the assumption of the independence of the input features. Common Criteria - international standard for the security requirements within information technology, ensuring high and consistent standards of the protection profiles of software products.

4 Step overview Automated analysis of the previous projects’ requirements by Heuristic Requirements Assistant (HeRA) with the application of Bayesian classifiers. Analysis of the output by the stakeholders, proposing changes to HeRA’s suggestions, as well as identifying new requirements.

5 Step overview Requirements elicitation by engineers on the basis of Common Criteria, as well as personal and organizational knowledge. Requirements refinement by a security expert (if available), based on his/her personal experience and best practices.

6 Step overview Documentation of the requirements with the use of UMLsec and storing them in the organization’s knowledge base for further reuse.

7 Process-Deliverable Diagram (1/2)

8 Process-Deliverable Diagram (2/2)

9 Example template

10 References Jürjens, J. (2001). Towards Development of Secure Systems Using UMLsec. In H. Hussmann (Ed.), Fundamental Approaches to Software Engineering (pp ). Berlin: Springer. Jürjens, J. (2002). UMLsec: Extending UML for Secure Systems Development. In J.-M. Jézéquel, H. Hussmann, S. Cook (Eds.), ≪UML≫ 2002 — The Unified Modeling Language (pp ). Berlin: Springer. Knauss, E., Luebke, D., & Meyer, S. (2009). Feedback-driven requirements engineering: the heuristic requirements assistant. In S. Fickas, J. Atlee, P. Inverardi (Eds.), Software Engineering, ICSE IEEE 31st International Conference (pp ). Vancouver, BC: IEEE. Schneider, K., Knauss, E., Houmb, S., Islam, S., & Jürjens, J. (2012). Enhancing security requirements engineering by organizational learning. Requirements Engineering, 17(1), Vapnik, V. N., & Vapnik, V. (1998). Statistical learning theory (Vol. 1). New York: Wiley. Vetterling, M., Wimmel, G., & Wisspeintner, A. (2002). Secure systems development based on the common criteria: the PalME project. ACM SIGSOFT Software Engineering Notes, 27(6),

Download ppt "Enhancing Security Requirements Engineering by Organizational Learning"

Similar presentations

Towards a Unified Business Strategy Language: A Meta-model of Strategy Maps Constantinos Giannoulis Michael Petit Jelena Zdravkovic.

Towards a Unified Business Strategy Language: A Meta-model of Strategy Maps Constantinos Giannoulis Michael Petit Jelena Zdravkovic.
Ch 3: Unified Process CSCI 4320: Software Engineering.

Ch 3: Unified Process CSCI 4320: Software Engineering.
CS487 Software Engineering Omar Aldawud

CS487 Software Engineering Omar Aldawud
CHAPTER 1 SOFTWARE DEVELOPMENT. 2 Goals of software development Aspects of software quality Development life cycle models Basic concepts of algorithm.

CHAPTER 1 SOFTWARE DEVELOPMENT. 2 Goals of software development Aspects of software quality Development life cycle models Basic concepts of algorithm.
5/14/2015 6:33:16 AM 5864_ER_WHITE.1 Simple use of UML for assisting in the creation of Common Criteria evaluation inputs Karen Sheh CSC Australia.

5/14/2015 6:33:16 AM 5864_ER_WHITE.1 Simple use of UML for assisting in the creation of Common Criteria evaluation inputs Karen Sheh CSC Australia.
Designing Software for Ease of Extension and Contraction

Designing Software for Ease of Extension and Contraction
1 CS 425 Software Engineering Project Preparation Use Case Modeling [Based on Chapters 3 & 4, Arlow and Neustadt, “UML and the Unified Process,” Addison-Wesley,

1 CS 425 Software Engineering Project Preparation Use Case Modeling [Based on Chapters 3 & 4, Arlow and Neustadt, “UML and the Unified Process,” Addison-Wesley,
UML CASE Tool. ABSTRACT Domain analysis enables identifying families of applications and capturing their terminology in order to assist and guide system.

UML CASE Tool. ABSTRACT Domain analysis enables identifying families of applications and capturing their terminology in order to assist and guide system.
Software Engineering for Safety : A Roadmap Presentation by: Manu D Vij CS 599 Software Engineering for Embedded Systems.

Software Engineering for Safety : A Roadmap Presentation by: Manu D Vij CS 599 Software Engineering for Embedded Systems.
Information Systems Development and Acquisition Chapter 8 Jessup & Valacich Instructor: Ramesh Sankaranarayanan.

Information Systems Development and Acquisition Chapter 8 Jessup & Valacich Instructor: Ramesh Sankaranarayanan.
SwE 313 Introduction to Rational Unified Process (RUP)

SwE 313 Introduction to Rational Unified Process (RUP)
Model-Driven User Requirements Specification using SysML Authors: Michel dos Santos Soares, Jos Vrancken Source: Journal of Software(JSW), Vol. 3, No.

Model-Driven User Requirements Specification using SysML Authors: Michel dos Santos Soares, Jos Vrancken Source: Journal of Software(JSW), Vol. 3, No.
Principles of Object Technology Module 1: Principles of Modeling.

Principles of Object Technology Module 1: Principles of Modeling.
Leuven, 2007-05-22 Computer Aided Document Indexing System for Accessing Legislation A Joint Venture of Flanders and Croatia Bojana Dalbelo Bašić Faculty.

Leuven, Computer Aided Document Indexing System for Accessing Legislation A Joint Venture of Flanders and Croatia Bojana Dalbelo Bašić Faculty.
Implementation of HUBzero as a Knowledge Management System in a Large Organization HUBBUB Conference 2012 September 24 th, 2012 Gaurav Nanda, Jonathan.

Implementation of HUBzero as a Knowledge Management System in a Large Organization HUBBUB Conference 2012 September 24 th, 2012 Gaurav Nanda, Jonathan.
Introduction to RUP Spring 2006. Sharif Univ. of Tech.2 Outlines What is RUP? RUP Phases –Inception –Elaboration –Construction –Transition.

Introduction to RUP Spring Sharif Univ. of Tech.2 Outlines What is RUP? RUP Phases –Inception –Elaboration –Construction –Transition.
PALMS-CI: A Policy-driven Cyberinfrastructure For the Exposure Biology Community Barry Demchak Jacqueline Kerr, Gregory Norman, Ernesto.

PALMS-CI: A Policy-driven Cyberinfrastructure For the Exposure Biology Community Barry Demchak Jacqueline Kerr, Gregory Norman, Ernesto.
An Approach to Test Autonomic Containers Ronald Stevens (IEEE Computer Society & ACM Student Member) August 1, 2006 REU Sponsored by NSF.

An Approach to Test Autonomic Containers Ronald Stevens (IEEE Computer Society & ACM Student Member) August 1, 2006 REU Sponsored by NSF.
ACS 562 – SYSTEMS ANALYSIS AND DESIGN Course Accomplishment Summary Shilpashree K.S Varsha Fall 2010 Purdue University – Fort Wayne Instructor – Dr. John.

ACS 562 – SYSTEMS ANALYSIS AND DESIGN Course Accomplishment Summary Shilpashree K.S Varsha Fall 2010 Purdue University – Fort Wayne Instructor – Dr. John.
Information Systems Analysis and Design

Information Systems Analysis and Design

Similar presentations

Ads by Google