Aspect-oriented specification of threat-driven security requirements Online publication date: Thu, 27-Mar-2008
by Dianxiang Xu, Vivek Goel, Kendall E. Nygard, W. Eric Wong
International Journal of Computer Applications in Technology (IJCAT), Vol. 31, No. 1/2, 2008
Abstract: This paper presents an aspect-oriented approach to integrated specification of functional and security requirements based on use-case-driven software development. It relies on explicit identification of security threats and threat mitigations. We first identify security threats with respect to use-case based functional requirements in terms of security goals and the STRIDE category. Then, we suggest threat mitigations for preventing or reducing security threats. To capture the crosscutting nature of threats and mitigations, we specify them as aspects that encapsulate pointcuts and advice. This provides a structured way for separating functional and security concerns and for analysing the interaction between them.
Online publication date: Thu, 27-Mar-2008
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Computer Applications in Technology (IJCAT):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email firstname.lastname@example.org