Title:
Security Requirements Elicitation Using MethodWeaving and Common Criteria
Author(s):
Motoshi Saeki and Haruhiko Kaiya
Source:
M.R.V. Chaudron (Ed.): MODELS 2008 Workshops, LNCS 5421, pp. 185–196, 2009.
Abstract:
The elicitation of security requirements (SRs) is a crucial issue in developing
secure information systems of high quality. Although we have several requirements
elicitation methods, most of them do not provide sufficient support
to identify security threats, security objectives and security functions. Security
functions are closely related to the architectural design of the information system,
i.e. solution space, and knowledge from the solution space is necessary to elicit
appropriate SRs of higher quality. This paper proposes the usage of Common
Criteria and related knowledge sources to identify SRs from functional requirements
through eliciting threats and security objectives. Our proposed technique
is to weave through Common Criteria two types of elicitation methods: one is
any existing functional requirements elicitation method and the other is a typical
method for eliciting security functional requirements so that we can have a
powerful method.
Related Paper(s):
Mar. 2008