Title: Security Requirements Elicitation Using MethodWeaving and Common Criteria
Author(s): Motoshi Saeki and Haruhiko Kaiya
Source: M.R.V. Chaudron (Ed.): MODELS 2008 Workshops, LNCS 5421, pp. 185-196, 2009.

The elicitation of security requirements (SRs) is a crucial issue in developing secure information systems of high quality. Although several requirements elicitation methods exist, most of them do not provide sufficient support for identifying security threats, security objectives and security functions. Security functions are closely related to the architectural design of the information system, i.e. the solution space, and knowledge from the solution space is necessary to elicit appropriate SRs of higher quality. This paper proposes the use of Common Criteria and related knowledge sources to identify SRs from functional requirements by eliciting threats and security objectives. Our proposed technique weaves together, through Common Criteria, two types of elicitation methods: one is any existing functional requirements elicitation method, and the other is a typical method for eliciting security functional requirements, so that the combination yields a powerful method.
