Abstract
As security becomes increasingly important for Information Systems (IS), specifying information system security is considered a major priority in secure system development. In this paper we present a Requirements Engineering (RE) framework for dealing with and specifying IS security requirements. Within the framework, we propose to view security requirements as quality requirements so that a goal-oriented approach from the RE field can be applied to them. In our study, the specification of some security requirements is based on the Albert language, a new formal language for modelling functional requirements relating to distributed real-time systems.
Copyright information
© 1996 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Dubois, E., Wu, S. (1996). A Framework for Dealing with and Specifying Security Requirements in Information Systems. In: Katsikas, S.K., Gritzalis, D. (eds) Information Systems Security. SEC 1996. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-1-5041-2919-0_8
DOI: https://doi.org/10.1007/978-1-5041-2919-0_8
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2921-3
Online ISBN: 978-1-5041-2919-0
eBook Packages: Springer Book Archive