Title: Using Common Criteria as Reusable Knowledge in Security Requirements Elicitation
Author(s): Motoshi Saeki and Haruhiko Kaiya.
Modeling Security Workshop, in Association with MODELS'08 (MODSEC08), Only on Web [HTML], Sep. 28, 2008, Toulouse, France.

The elicitation of security requirements (SRs) is a crucial issue in developing secure information systems of high quality. Although we have several methods, mainly for functional requirements, such as goal-oriented methods and use case modeling, most of them do not provide sufficient support for identifying threats, security objectives and security functions. Security functions are closely related to the architectural design of the information system, i.e. the solution space, and knowledge from the solution space is necessary to elicit appropriate SRs of higher quality. This paper proposes the use of Common Criteria and related knowledge sources to identify SRs from functional requirements through eliciting threats and security objectives. Our proposed technique can be combined with and embedded into any existing functional requirements elicitation method.
