An Aspect-Oriented Approach to Security Requirements Analysis

Chicago, Illinois September 17-September 21

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/COMPSAC.2006.109

30th Annual International Computer So ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Dianxiang Xu Articles by Vivek Goel Articles by Kendall Nygard

	ASCII Text	x
	Dianxiang Xu, Vivek Goel, Kendall Nygard, "An Aspect-Oriented Approach to Security Requirements Analysis," Computer Software and Applications Conference, Annual International, vol. 2, pp. 79-82, 30th Annual International Computer Software and Applications Conference (COMPSAC'06), 2006.

	BibTex	x
	@article{ 10.1109/COMPSAC.2006.109, author = {Dianxiang Xu and Vivek Goel and Kendall Nygard}, title = {An Aspect-Oriented Approach to Security Requirements Analysis}, journal ={Computer Software and Applications Conference, Annual International}, volume = {2}, year = {2006}, issn = {0730-3157}, pages = {79-82}, doi = {http://doi.ieeecomputersociety.org/10.1109/COMPSAC.2006.109}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Software and Applications Conference, Annual International TI - An Aspect-Oriented Approach to Security Requirements Analysis SN - 0730-3157 SP79 EP82 A1 - Dianxiang Xu, A1 - Vivek Goel, A1 - Kendall Nygard, PY - 2006 KW - Security requirements KW - aspect-oriented software development KW - use case KW - threats KW - mitigation. VL - 2 JA - Computer Software and Applications Conference, Annual International ER -

Dianxiang Xu, North Dakota State University, USA

Vivek Goel, North Dakota State University, USA

Kendall Nygard, North Dakota State University, USA

This paper presents an aspect-oriented approach to integrated elicitation of functional and security requirements based on use case-driven development. We identify security threats with respect to use cases and adopt threat mitigations for preventing or reducing security threats. To capture crosscutting nature of threats and mitigations, we specify them as aspects that encapsulate pointcuts and advice. A threat (mitigation) pointcut is a collection of join points in use cases at which the use cases are threatened (secured); whereas threat/mitigation advice describes how a threat can become an attack (can be mitigated). Eliciting threats and mitigations as aspects provides a structured way for separating functional and security concerns.

Index Terms:

Security requirements, aspect-oriented software development, use case, threats, mitigation.

Citation:

Dianxiang Xu, Vivek Goel, Kendall Nygard, "An Aspect-Oriented Approach to Security Requirements Analysis," compsac, vol. 2, pp.79-82, 30th Annual International Computer Software and Applications Conference (COMPSAC'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.