TY - GEN
T1 - A system for seamless support from security requirements analysis to security design using a software security knowledge base
AU - Hazeyama, Atsuo
AU - Miyahara, Hikaru
AU - Tanaka, Takafumi
AU - Washizaki, Hironori
AU - Kaiya, Haruhiko
AU - Okubo, Takao
AU - Yoshioka, Nobukazu
N1 - Funding Information:
ACKNOWLEDGEMENT This study is partially supported by the Grant-in-Aid for No. (C) 22500910, 26330394, and 17K00475 from the Ministry of Education, Science, Sports and Culture of Japan. The authors would like to thank Yuki Yamada for his support in preparing this manuscript.
Publisher Copyright:
© 2019 IEEE.
PY - 2019/9
Y1 - 2019/9
N2 - Owing to the widespread use of the internet, software services are being provided to millions of consumers and the importance of software security has increased considerably. Specifically, difficulties in developing a security design based on the results of a security requirements analysis are a focal point for investigation. One promising approach for addressing these difficulties is to create a knowledge base for secure software development and a process for utilizing it. The information obtained regarding the security design of the knowledge base, which is associated with the knowledge used in the security requirements analysis, can be considered during the design phase. This paper describes the development of a system that seamlessly supports the design phase based on the results of a security requirements analysis and the knowledge base. We then present an example to demonstrate the usefulness of the proposed system. This knowledge base maintains an association between knowledge types and is traceable. Therefore, if the knowledge used to create a type of artifact evolves, it is possible to detect the artifacts that used the knowledge associated with it.
AB - Owing to the widespread use of the internet, software services are being provided to millions of consumers and the importance of software security has increased considerably. Specifically, difficulties in developing a security design based on the results of a security requirements analysis are a focal point for investigation. One promising approach for addressing these difficulties is to create a knowledge base for secure software development and a process for utilizing it. The information obtained regarding the security design of the knowledge base, which is associated with the knowledge used in the security requirements analysis, can be considered during the design phase. This paper describes the development of a system that seamlessly supports the design phase based on the results of a security requirements analysis and the knowledge base. We then present an example to demonstrate the usefulness of the proposed system. This knowledge base maintains an association between knowledge types and is traceable. Therefore, if the knowledge used to create a type of artifact evolves, it is possible to detect the artifacts that used the knowledge associated with it.
KW - Secure software development support
KW - Software security knowledge base
UR - http://www.scopus.com/inward/record.url?scp=85078002520&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85078002520&partnerID=8YFLogxK
U2 - 10.1109/REW.2019.00029
DO - 10.1109/REW.2019.00029
M3 - Conference contribution
AN - SCOPUS:85078002520
T3 - Proceedings - 2019 IEEE 27th International Requirements Engineering Conference Workshops, REW 2019
SP - 134
EP - 140
BT - Proceedings - 2019 IEEE 27th International Requirements Engineering Conference Workshops, REW 2019
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 27th IEEE International Requirements Engineering Conference Workshops, REW 2019
Y2 - 23 September 2019 through 27 September 2019
ER -