Abstract
In order to develop secure information systems with less development cost, it is important to elicit the requirements to security functions (simply security requirements) as early in their development process as possible. To achieve it, accumulated knowledge of threats and their objectives obtained from practical experiences is useful, and the technique to support the elicitation of security requirements utilizing this knowledge should be developed. In this paper, we present the technique for security requirements elicitation using practical knowledge of threats, their objectives and security functions realizing the objectives, which is extracted from Security Target documents compliant to the standard Common Criteria. We show the usefulness of our approach with several case studies.
Author supplied keywords
Cite
CITATION STYLE
Abe, T., Hayashi, S., & Saeki, M. (2015). Modeling and utilizing security knowledge for eliciting security requirements. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9382, pp. 236–247). Springer Verlag. https://doi.org/10.1007/978-3-319-25747-1_24
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
