References
[Abr98] Abrams, M.: Application of the Protection Profile to Define Requirements for a Telecommunications Services Contract. IEEE Software, 15(2). 1998
[Aka97] Akao, Y.: QFD: Past, present and future. Transactions of the Third International Symposium on Quality Function Deployment. 1997
[Alb02] Alberts, C., Dorofee, A.: Managing Information Security Risks: The OCTAVE (SM) Approach. Addison-Wesley. 2002
[Alb05] Alberts, C. et al.: Introduction to the OCTAVE Approach. CERT Coordination Center. www.cert.org/octave/approach_intro.pdf
[Alb99] Alberts, C., Behrens, S., Pethia, R., Wilson, W.: Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE-SM) Framework, Version 1.0 (CMU/SEI-99-TR-017, ADA 367718). Software Engineering Institute, Carnegie Mellon University. 1999
[Ale02] Alexander, I.: Initial Industrial Experience of Misuse Cases in Trade-Off Analysis. Proceedings of IEEE Joint International Requirements Engineering Conference. 2002
[Ale03] Alexander, I.: Misuse Cases Help to Elicit Non-Functional Requirements. Computing and Control Engineering. 2003
[Bos06] Boström, G., Wäyrynen, J., Bodén, M., Beznosov, K., Kruchten, P.: Extending XP Practices to Support Security Requirements Engineering. Proceedings of Workshop on Software Engineering for Secure Systems (SESS). 2006
[Bre04] Bresciani, P., Giorgini, P., Giunchiglia, F., Mylopoulos, J., Perini, A.: TROPOS: An Agent Oriented Software Development Methodology. Journal of Autonomous Agents and Multi-Agent Systems. 2004
[CCIB99] Common Criteria Implementation Board: Common Criteria for Information Technology Security Evaluation, Part 2: Security Functional Requirements. ISO/IEC 15408-1. 1999
[Cha02] Chan, L.K. and Wu, M.L.: Quality Function Deployment: A Comprehensive Review of its Concepts and Methods. Quality Engineering, 15(1). 2002
[ChD04] Chen, P., Dean, M., Ojoko-Adams, D., Osman, H., Lopez, L., Xie, N.: Systems Quality Requirements Engineering (SQUARE) Methodology: Case Study on Asset Management System. (CMU/SEI-2004-SR-015). Software Engineering Institute, Carnegie Mellon University. 2004
[ChF05] Chivers, H. and Fletcher, M.: Applying Security Design Analysis to a service based system. Software: Practice and Experience, vol. 35 no. 9. 2005
[Chr92] Christel, M. and Kang, K.: Issues in Requirements Elicitation (CMU/SEI-92-TR-012, ADA258932). Software Engineering Institute, Carnegie Mellon University. 1992
[Coh95] Cohen, L.: Quality Function Deployment: How to Make QFD Work for You. Addison-Wesley. 1995
[CSO06] Codesecurely.org: Security Requirements Engineering. 2006 http://www.codesecurely.org/Wiki/view.aspx/Security_Requirements_Engineering
[Dav1] Davis, A.: Software Requirements: Analysis and Specification. Prentice Hall. 1990
[Dor90] Dorfman, M.: Tutorial: System and Software Requirements Engineering. IEEE Computer Society Press. 1990
[Eas00] Easterbrook, S., Nuseibeh, B.: Requirements Engineering: A Roadmap. Proceedings of the International Conference on Software Engineering. 2000
[ESI96] European Software Institute: European User Survey Analysis. Report USV_EUR 2.1, ESPITI Project. 1996
[Fir03] Firesmith, D.: Engineering Security Requirements. Journal of Object Technology. 2003
[Fir07] Firesmith, D.: Engineering Safety and Security Related Requirements for Software Intensive Systems. ICSE Companion. 2007
[GiM05] Giorgini, P., Massacci, F., Zannone, N.: Security and Trust Requirements Engineering. Foundations of Security Analysis and Design III - Tutorial Lectures. 2005
[Gio06] Giorgini, P., Mouratidis, H., Zannone, Z.: Modelling Security and Trust with Secure Tropos. Integrating Security and Software Engineering: Advances and Future Vision. 2006
[Gor05] Gordon, D., Stehney II, G., Wattas, N., Yu, E.: Quality Requirements Engineering (SQUARE): Case Study on Asset Management System, Phase II (CMU/SEI-2005-SR005). Software Engineering Institute, Carnegie Mellon University. 2005
[HaH06] Hallberg, N., Hallberg, J.: The Usage-Centric Security Requirements Engineering (USeR) Method. Information Assurance Workshop. 2006
[HaH07] Hatebur, D., Heisel, M., Schmidt, H.: A Pattern System for Security Requirements Engineering. Proceedings of the International Conference on Availability, Reliability and Security (AReS). 2007
[Hal04] Haley, C., Laney, R., Nuseibeh, B.: Deriving Security Requirements from Crosscutting Threat Descriptions. AOSD. 2004
[HaL07] Haley, C., Laney, R., Moffett, J., Nuseibeh, B.: Security Requirements Engineering: A Framework for Representation and Analysis. IEEE Transactions on Software Engineering. 2007
[Hat05] Hatebur, D., Heisel, M.: Problem Frames and Architectures for Security Problems. SAFECOMP. 2005
[Hat06] Hatebur, D., Heisel, M., Schmidt, H.: Security Engineering Using Problem Frames. Proceedings of the International Conference on Emerging Trends in Information and Communication Security (ETRICS). 2006
[Hat07] Hatebur, D., Heisel, M., Schmidt, H.: A Security Engineering Process based on Patterns. DEXA Workshops. 2007
[Hog04] Höglund, G., McGraw, G.: Exploiting Software: How to Break Code. Addison Wesley Professional. 2004
[Hop04] Hope, P., McGraw, G., Anton, A.: Misuse and Abuse Cases: Getting Past the Positive. Security & Privacy, IEEE Volume 02, Issue 3. 2004
[IAT07] Information Assurance Technology Analysis Center (IATAC) and Data Analysis Center for Software (DACS): Software Security Assurance: State-of-the-Art-Report. 2007
[IEEE98] IEEE: IEEE Recommended Practice for Software Requirements Specifications. 1998. http://ieeexplore.ieee.org/xpl/tocresult.jsp?isNumber=15571
[ISO99] ISO/IEC: Information Technology - Security Techniques - Evaluation Criteria for IT Security - Part 1: Introduction and General Model. ISO/IEC. International Standard 15408-1. 1999
[Jac01] Jackson, M.: Problem Frames. Analyzing and Structuring Software Development Problems. Addison Wesley. 2001
[Jac92] Jacobson, I. et al.: Object-Oriented Software Engineering: A Use Case Driven Approach. Addison-Wesley. 1992
[Kam05] Kam, S.: Integrating the Common Criteria Into the Software Engineering Lifecycle. IDEAS'05. 2005
[Kul00] Kulak, D., Guiney, E.: Use Cases: Requirements in Context. ACM Press. 2000
[Lam04] Lamsweerde, A.: Elaborating Security Requirements by Construction of Intentional Anti-Models. 26th International Conference on Software Engineering (ICSE'04). 2004
[Lew02] Lewis, R.: Design for Security Up Front. 2002 http://articles.techrepublic.com.com/5100-10878-1059545.html
[Lin97] Linger, R., Mead, N., Lipson, H.: Requirements Definition for Survivable Network Systems. Software Engineering Institute, Carnegie Mellon University. 1997
[Liu03] Liu, L., Yu, E., Mylopoulos, J.: Security and Privacy Requirements Analysis within a Social Setting. Proceedings of the International Conference on Requirements Engineering (RE). 2003
[Lou89] Loucopoulos, P. and Champion, R.E.M.: Knowledge-Based Support for Requirements Engineering. Information and Software Technology. 1989
[Luc04] Bastos, L., Brelaz de Castro, J.: Systematic Integration Between Requirements and Architecture. SELMAS. 2004
[Lut07] Lutz, R., Patterson-Hine, A., Nelson, S., Frost, C., Tal, D., Harris, R.: Using Obstacle Analysis to Identify Contingency Requirements on an Unpiloted Aerial Vehicle. Requirements Engineering Journal. Vol. 12. No. 1. 2007
[McG03] McGraw, G.: Software Security: Thought Leadership in Information Security. Cigital Software Security Workshop. 2003
[Mea05] Mead, N., Hough, E., Stehney II, T.: Security Quality Requirements (SQUARE) Methodology. (CMU/SEI-2005-TR-009). Software Engineering Institute, Carnegie Mellon University. 2005
[Mea06] Mead, N.: Security Requirements Engineering. Carnegie Mellon University. 1996. https://buildsecurityin.us-cert.gov/daisy/bsi/articles/best-practices/requirements/243.html
[Mea07] Mead, N.: How To Compare the Security Quality Requirements Engineering (SQUARE) Method with Other Methods. Technical Note, CMU/SEI. 2007
[Mead04] Mead, N.: Requirements Elicitation and Analysis Processes for Safety & Security Requirements. Proceedings of Fourth International Workshop on Requirements for High Assurance Systems. 2004
[MeF06] Mellado, D., Fernández-Medina, E., Piattini, M.: A Comparative Study of Proposals for Establishing Security Requirements for the Development of Secure Information Systems. Proceedings International Conference on Computational Science and its Applications (ICCSA). 2006
[MeF07] Mellado, D., Fernández-Medina, E., Piattini, M.: A Common Criteria Based Security Requirements Engineering Process for the Development of Secure Information Systems. Computer Standards & Interfaces, vol 29. 2007
[MGS03] Mouratidis, H., Giorgini, P., Schumacher, M., Manson, M.: Security Patterns for Agent Systems. Proceedings of the Eighth European Conference on Pattern Languages of Programs (EuroPLoP). 2003
[Mof03] Moffett, J. D. and Nuseibeh, B.A.: A Framework for Security Requirements Engineering. Report YCS 368, Department of Computer Science, University of York. 2003
[MoG03] Mouratidis, H., Giorgini, P., Manson, G.: Modelling Secure Multiagent Systems. Proceedings of the Second International Joint Conference on Autonomous Agents & Multiagent Systems (AAMAS). 2003
[MoH04] Moffett, J., Haley, C., Nuseibeh, B.: Core Security Requirements Artefacts. Technical Report 2004/23. Department of Computing, The Open University. 2004
[Moo01] Moore, A. et al.: Attack Modeling for Information Security and Survivability. Technical Note CMU/SEI-2001-TN-001. Software Engineering Institute, Carnegie Mellon University. 2001
[Mou03] Mouratidis, H., Giorgini, P., Manson, G.: Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems. Proceedings of the 15th Conference on Advance Information Systems (CAiSE). 2003
[Mou06] Mouratidis, H. and Giorgini, P.: Secure Tropos: Dealing effectively with Security Requirements in the development of Multiagent Systems. Safety and Security in Multiagent Systems. LNCS, Springer-Verlag, 2006
[NY01] New York State Office for Technology: Requirements Analysis. 2001
[Olt01] Olthoff, K.: Observations on Security Requirements Engineering. Symposium on Requirements Engineering for Information Security. 2001
[Pau93] Paulk, M., Weber, C., Garcia, S., Chrissis, M., Bush, M.: Key Practices of the Capability Maturity Model, Version 1.1. Software Engineering Institute, Carnegie Mellon University. CMU/SEI-93-TR-25. 1993
[Pet05] Peeters, J.: Agile Security Requirements Engineering. Symposium Requirements Engineering Information Security, 2005 www.sreis.org/SREIS_05_Program/short26_peeters.pdf
[Pet07] Peeters, J. and Dyson, P.: Cost-Effective Security. IEEE Security & Privacy. 2007
[Pie01] Piessens, F., De Decker, B., De Win, B.: Developing secure software. A survey and classification of common software vulnerabilities. IICIS. 2001
[Red04] Redwine, S. et al.: Processes to Produce Secure Software: Towards More Secure Software. National Cyber Security Summit. 2004
[Ric07] Caralli, R., Stevens, J., Young, L., Wilson, W.: Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process. Technical Report CMU/SEI-2007-TR-012. Software Engineering Institute, Carnegie Mellon University
http://iac.dtic.mil/iatac/download/security.pdf
[Rom07] Romero-Mariona, J., Ziv, H., Richardson, D.: Toward Hybrid Requirements-based and Architecture-based Testing. Proceedings of The Role of Software Architecture for Testing and Analysis (ROSATEA). 2007
[Rom90] Rombach, H.: Software Specifications: A Framework. IEEE Tutorial on Standards, Guidelines, and Examples: Systems and Software Requirements Engineering. ISBN 0-8186-8922-6. 1990
[Rum94] Rumbaugh, J.: Getting Started: Using use cases to capture requirements. Journal of Object-Oriented Programming. 1994
[Rze89] Rzepka, W.: A Requirements Engineering Testbed: Concept, Status, and First Results. In Bruce D. Shriver (editor), Proceedings of the Twenty-Second Annual Hawaii International Conference on System Sciences. IEEE Computer Society. 1989
[Sch00] Schneier, B.: Secrets and Lies: Digital Security in a Networked World. John Wiley & Sons. 2000
[SEI91] Software Engineering Institute Requirements Engineering Project: Requirements Engineering and Analysis Workshop Proceedings. Technical Report CMU/SEI-91-TR-30 or ESD-TR-91-30, Software Engineering Institute. 1991
[Sin03] Sindre, G., Firesmith, D., Opdahl, A.: A Reuse-Based Approach to Determining Security Requirements. Proceedings of the Ninth International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ). 2003
[SSI05] Secure Software Inc.: The CLASP Application Security Process. 2005
[STEP91] Software Test & Evaluation Panel (STEP), Requirements Definition Implementation Team: Operational Requirements for Automated Capabilities, Draft Pamphlet (Draft PAM). 1991
[Sto01] Stoneburner, G., Hayden, C., & Feringa, A.: Engineering Principles for Information Technology Security (A Baseline for Achieving Security). Computer Security Division, Information Technology Laboratory National Institute of Standards and Technology. 2001
[Tar95] Tarr, C., Peaty, S.: Using CLASP to Assess Perimeter Security. Proceedings Institute of Electrical and Electronics Engineers 29th Annual International Carnahan Conference. 1995
[Tun08] Tundel, Jaatun, Moland.: Security Requirements for the Rest of Us: A Survey. IEEE Software. 2008
[Vet02] Vetterling, M. et al.: Secure Systems Development Based on the Common Criteria: The PalME Project. Foundations of Software Engineering (SIGSOFT). 2002
[Vie01] Viega, J., McGraw, G.: Building Secure Software: How to Avoid Security Problems the Right Way. 1st ed. Addison-Wesley. 2001
[Vie05] Viega, J.: Building Security Requirements with CLASP. Proceedings of the Workshop on Software Engineering for Secure Systems (SESS). 2005
[War06] Ware, M.: Using Common Criteria to Elicit Security Requirements with Use Cases. Proceedings of the IEEE SoutheastCon. 2006
[Wei98] Weidenhaupt, K., Pohl, K., Jarke, M., Haumer, P.: Scenario Usage in System Development: A Report on Current Practice. IEEE Software. 1998
[Wel03] Welch, D., Lathrop, S.: A Survey of 802.11a Wireless Security Threats and Security Mechanisms. ITOC Technical Report 2003-101 to the Army G6. 2003
[Whi01] Whitmore, J.: A Method for Designing Secure Solutions. IBM Systems Journal. Volume: 40. Issue: 3. 2001
[Zah90] Zahniser, Richard A.: How to Speed Development with Group Sessions. IEEE Software. 1990
[Zav97] Zave, P., Jackson, M.: Four Dark Corners of Requirements Engineering. ACM Transactions on Software Engineering and Methodology, 6(1). ACM Press. 1997
[Zuk89] Zucconi, L.: Techniques and Experiences Capturing Requirements for Several Real-Time Applications. ACM SIGSOFT Software Engineering Notes. 1989