Abstract
In CAiSE 2006, we had presented a framework to support development of secure information systems. The framework was based on the integration of two security-aware approaches, the Secure Tropos methodology, which provides an approach for security requirements elicitation, and the UMLsec approach, which allows one to include the security requirements into design models and offers tools for security analysis. In this paper we reflect on the usage of this framework and we report our experiences of applying it to two different industrial case studies from the health care domain. However, due to lack of space we only describe in this paper one of the case studies. Our findings demonstrate that the support of the framework for the consideration of security issues from the early stages and throughout the development process can result in a substantial improvement in the security of the analysed systems.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Alam, M., Hafner, M., Breu, R.: Constraint based role based access control in the SECTET-framework A model-driven approach. Journal of Computer Security 16(2), 223–260 (2008)
Basin, D., Doser, J., Lodderstedt, T.: Model Driven Security for Process Oriented Systems. In: Proceedings of the 8th ACM symposium on Access Control Models and Technologies, Como, Italy (2003)
Bresciani, P., Giorgini, P., Giunchiglia, F., Mylopoulos, J., Perini, A.: TROPOS: An Agent Oriented Software Development Methodology. Journal of Autonomous Agents and Multi-Agent Systems 8(3), 203–236 (2004)
Common Criteria, http://www.commoncriteriaportal.org/
Devanbu, P., Stubblebine, S.: Software Engineering for Security: a Roadmap. In: Proceedings of ICSE 2000 (track on The future of Software engineering) (2000)
Hermann, G., Pernul, G.: Viewing business-process security from different perspectives. International Journal of electronic Commence 3, 89–103 (1999)
Jennings, N.R.: An agent-based approach for building complex software systems. Communications of the ACMÂ 44(4) (April 2001)
Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2004)
Jürjens, J., Shabalin, P.: Tools for Secure Systems Development with UML. In: FASE 2004/05 special issue of the International Journal on Software Tools for Technology Transfer. Springer, Heidelberg (2007)
McDermott, J., Fox, C.: Using Abuse Case Models for Security Requirements Analysis. In: Proceedings of the 15th Annual Computer Security Applications Conference (December 1999)
Mouratidis, H., Giorgini, P., Manson, G.: Modelling Secure Multiagent Systems. In: The Proceedings of the 2nd International Joint Conference on Autonomous Agents and Multiagent Systems, Melbourne, Australia, pp. 859–866. ACM, New York (2003)
Mouratidis, H., Philp, I., Manson, G.: A Novel Agent-Based System to Support the Single Assessment Process of Older People. Journal of Health Informatics 9(3), 149–162 (2003)
Mouratidis, H., Giorgini, P.: Integrating Security and Software Engineering: Advances and Future Visions. Idea Group Publishing (2006)
Mouratidis, H., Jürjens, J., Fox, J.: Towards a Comprehensive Framework for Secure Systems Development. In: Dubois, E., Pohl, K. (eds.) CAiSE 2006. LNCS, vol. 4001, pp. 48–62. Springer, Heidelberg (2006)
Muhanna, W.: An Object-Oriented Framework for Model Management and DSS Development. Decision Support Systems 9(2), 217–229 (1993)
Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. Requir. Eng. 10(1), 34–44 (2005)
Sunyaev, A.: Telematik im Gesundheitswesen - Sicherheitsaspekte,tech. rep., TU Munich (2006)
Wooldridge, M., Ciancarini, P.: Agent-Oriented Software Engineering: The State of the Art. In: Ciancarini, P., Wooldridge, M. (eds.) AOSE 2000. LNCS, vol. 1957, pp. 1–28. Springer, Heidelberg (2001)
Yu, E.: Modelling Strategic Relationships for Process Reengineering, Ph.D. Thesis. Dept. of Computer Science, University of Toronto (1995)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mouratidis, H., Sunyaev, A., Jurjens, J. (2009). Secure Information Systems Engineering: Experiences and Lessons Learned from Two Health Care Projects. In: van Eck, P., Gordijn, J., Wieringa, R. (eds) Advanced Information Systems Engineering. CAiSE 2009. Lecture Notes in Computer Science, vol 5565. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02144-2_21
Download citation
DOI: https://doi.org/10.1007/978-3-642-02144-2_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-02143-5
Online ISBN: 978-3-642-02144-2
eBook Packages: Computer ScienceComputer Science (R0)