Title: Aspect-oriented specification of threat-driven security requirements

Authors: Dianxiang Xu, Vivek Goel, Kendall E. Nygard, W. Eric Wong

Addresses: Department of Computer Science, North Dakota State University, Fargo, ND 58105, USA. ' Measurement Technology Laboratories LLC, 2308 6th Street, Brookings, SD 57006, USA. ' Department of Computer Science, North Dakota State University, Fargo, ND 58105, USA. ' Department of Computer Science, University of Texas at Dallas, Richardson, TX 75803, USA

Abstract: This paper presents an aspect-oriented approach to integrated specification of functional and security requirements based on use-case-driven software development. It relies on explicit identification of security threats and threat mitigations. We first identify security threats with respect to use-case based functional requirements in terms of security goals and the STRIDE category. Then, we suggest threat mitigations for preventing or reducing security threats. To capture the crosscutting nature of threats and mitigations, we specify them as aspects that encapsulate pointcuts and advice. This provides a structured way for separating functional and security concerns and for analysing the interaction between them.

Keywords: security requirements; aspect-oriented software development; use case; security threats; threat mitigation.

DOI: 10.1504/IJCAT.2008.017725

International Journal of Computer Applications in Technology, 2008 Vol.31 No.1/2, pp.131 - 140

Published online: 27 Mar 2008 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article