Using Common Criteria as Reusable Knowledge in Security Requirements Elicitation
Motoshi Saeki and Haruhiko Kaiya.
Modeling Security Workshop, in Association with MODELS'08
Only on Web [HTML],
Sep. 28, 2008, Toulouse, France.
The elicitation of security requirements (SRs) is a crucial issue to
develop secure information systems of high quality. Although we have several
methods mainly for functional requirements such as goal-oriented methods and
use case modeling, most of them do not provide sufficient supports to identify
threats, security objectives and security functions. Security functions are closely
related to architectural design of the information system, i.e. solution space, and
knowledge from the solution space is necessary to elicit appropriate SRs of higher
quality. This paper proposes the usage of Common Criteria and related knowledge
sources to identify SRs from functional requirements through eliciting threats and
security objectives. Our proposed technique can be combined with and embedded
into any existing functional requirements elicitation methods.