Extracting Security Requirements from Reality
In recent years, research efforts have been aimed at providing methodologies and techniques for secure software engineering. In this direction, UMLsec is proposed as a standard extension of UML for expressing security-relevant information. This paper scrutinizes this proposed method for security requirements specification and develops a different basic methodology that can be used for the stated purpose. The paper demonstrates that security considerations need completeness and continuity of specifications to avoid gaps or breaks in the logical sequence of events in systems. Accordingly, the paper presents a flow-based systematic diagramming scheme suitable for these features. We demonstrate the concepts with examples.
UML UMLsec conceptual modeling activity diagrams flow model Security requirements
Sabah Al-Fedaghi Khalid Assaf AI-Enazi
Computer Engineering Department Kuwait University Kuwait
国际会议
上海
英文
221-228
2011-03-11(万方平台首次上网日期,不代表论文的发表时间)