Aspect-oriented specification of threat-driven security requirements

		Searching 31822 from 300 Journals [Advanced Search ] Search in
		Login

	PUBLISHERS OF DISTINGUISHED ACADEMIC, SCIENTIFIC AND PROFESSIONAL JOURNALS
Home About Us Contact Us Site Map Help

Article Abstract

	Title:	Aspect-oriented specification of threat-driven security requirements
	Author:	Dianxiang Xu, Vivek Goel, Kendall E. Nygard, W. Eric Wong
	Address:	Department of Computer Science, North Dakota State University, Fargo, ND 58105, USA. ' Measurement Technology Laboratories LLC, 2308 6th Street, Brookings, SD 57006, USA. ' Department of Computer Science, North Dakota State University, Fargo, ND 58105, USA. ' Department of Computer Science, University of Texas at Dallas, Richardson, TX 75803, USA
	Journal:	International Journal of Computer Applications in Technology 2008 - Vol. 31, No.1/2 pp. 131 - 140
	Abstract:	This paper presents an aspect-oriented approach to integrated specification of functional and security requirements based on use-case-driven software development. It relies on explicit identification of security threats and threat mitigations. We first identify security threats with respect to use-case based functional requirements in terms of security goals and the STRIDE category. Then, we suggest threat mitigations for preventing or reducing security threats. To capture the crosscutting nature of threats and mitigations, we specify them as aspects that encapsulate pointcuts and advice. This provides a structured way for separating functional and security concerns and for analysing the interaction between them.
	Keywords:	security requirements; aspect-oriented software development; use case; security threats; threat mitigation.
	DOI:	10.1504/IJCAT.2008.017725
		Purchase this Paper Comment on the Paper

Article's references with DOI links:

Proceedings IEEE Joint International Conference on Requirements Engineering ICRE-02, . 61 - Vol. Alexander, No. p.
Alexander, IEEE Software. 2003 - Vol. 20, No. 1 p. 58
Proceedings 26th International Conference on Software Engineering ICSE-04, . 158 - Vol. Baniassad, No. p.
Proceedings IEEE Joint International Conference on Requirements Engineering ICRE-02, . 203 - Vol. Crook, No. p.
Proceedings of the 3rd international conference on Aspect-oriented software development - AOSD 04 AOSD 04, . 112 - Vol. Haley, No. p.
Proceedings IEEE Joint International Conference on Requirements Engineering ICRE-02, . 199 - Vol. Rashid, No. p.
Proceedings of the 2nd international conference on Aspect-oriented software development - AOSD 03 AOSD 03, . 11 - Vol. Rashid, No. p.
Proceedings 26th International Conference on Software Engineering ICSE-04, . 148 - Vol. van Lamsweerde, No. p.
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering - ASE 05 ASE 05, . 342 - Vol. Xu, No. p.
Xu, IEEE Transactions on Software Engineering. 2006 - Vol. 32, No. 4 p. 265
Proceedings of ISRE 97 3rd IEEE International Symposium on Requirements Engineering ISRE-97, . 226 - Vol. Yu, No. p.
Trust in Cyber-societies, Lecture Notes in Computer Science. 175 - Vol. Yu, No. 2246 p.