FESR: A framework for eliciting security requirements based on integration of common criteria and weakness detection formal model

Hongbo Li, Xiaohong Li, Jianye Hao, Guangquan Xu, Zhiyong Feng, Xiaofei Xie

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)

Abstract

It is critical and foremost to come up with the corresponding security requirements first which the following implementations are based on. However, previous security requirement elicitation work based on Common Criteria (CC) rarely addresses the detailed elicitation process of threats from specific functional requirements, which thus results in the widen gap between specific functional requirements and their corresponding threats. To this end, this paper proposes a framework for eliciting corresponding security requirements of specific functional requirements from the requirements specification. A formal model is built in the framework to assist requirement analysts in half-automatic collecting threats. To enhance the framework's automaticity and reusability, a security property base is constructed based on authoritative sources of security properties to support the framework. A practical information system is applied to verify the framework's practicability. Finally the framework's advantages and limitations are discussed thoroughly compared with previous approaches and useful insights are revealed.

Original languageEnglish
Title of host publicationProceedings - 2017 IEEE International Conference on Software Quality, Reliability and Security, QRS 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages352-363
Number of pages12
ISBN (Electronic)9781538605929
DOIs
Publication statusPublished - Aug 11 2017
Externally publishedYes
Event17th IEEE International Conference on Software Quality, Reliability and Security, QRS 2017 - Prague, Czech Republic
Duration: Jul 25 2017Jul 29 2017

Publication series

NameProceedings - 2017 IEEE International Conference on Software Quality, Reliability and Security, QRS 2017

Conference

Conference17th IEEE International Conference on Software Quality, Reliability and Security, QRS 2017
Country/TerritoryCzech Republic
CityPrague
Period7/25/177/29/17

All Science Journal Classification (ASJC) codes

  • Software
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'FESR: A framework for eliciting security requirements based on integration of common criteria and weakness detection formal model'. Together they form a unique fingerprint.

Cite this