Mutual refinement of security requirements and architecture using twin peaks model

Takao Okubo*, Haruhiko Kaiya, Nobukazu Yoshioka

*この研究の対応する著者

研究成果: Conference contribution

4 被引用数 (Scopus)

抄録

It is difficult to sufficiently specify software security requirements because they depend on a software architecture that has not yet been designed. Although the Twin Peaks model is a reference model to elicit a sufficient amount of software requirements in conjunction with the architectural requirements, it is still unclear how the security requirements can be elicited while taking the architecture into consideration. We propose a novel method to elicit the security requirements with architecture elaboration based on the Twin Peaks model, which is called the Twin Peaks Model application for Security Analysis (TMP-SA). In our method, security countermeasures for attacks are elicited as the security requirements incrementally according to the refinement of the architecture. We can comprehensively explore the alternatives for the countermeasures (security requirements) and choose the most suitable one for each project because we can focus on the architecture-specific security issues as well as architecture-independent security issues. We have applied our method to several applications and discuss its advantages and limitations. We found that our method is suitable for iterative development, and it enables us to find threats caused by architectural issues that are severely difficult to find when analyzing only the requirements issues.

本文言語English
ホスト出版物のタイトルProceedings - 36th Annual IEEE International Computer Software and Applications Conference Workshops, COMPSACW 2012
ページ367-372
ページ数6
DOI
出版ステータスPublished - 2012
外部発表はい
イベント36th Annual IEEE International Computer Software and Applications Conference Workshops, COMPSACW 2012 - Izmir, Turkey
継続期間: 2012 7月 162012 7月 20

出版物シリーズ

名前Proceedings - International Computer Software and Applications Conference
ISSN(印刷版)0730-3157

Conference

Conference36th Annual IEEE International Computer Software and Applications Conference Workshops, COMPSACW 2012
国/地域Turkey
CityIzmir
Period12/7/1612/7/20

ASJC Scopus subject areas

  • ソフトウェア
  • コンピュータ サイエンスの応用

フィンガープリント

「Mutual refinement of security requirements and architecture using twin peaks model」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

引用スタイル