참고문헌
- A. P. Moore, R. J. Ellison, R. C. Linger, 'Attack Modeling for Information Security and Survivability', CMU/SEI2001-TN-001, Mar., 2001
- A. P. Moore, R. J. Ellison, L. Bass, M. Klein, F. Bachmann, 'Security and Survivability Reasoning Frameworks and Architectural Design Tactics', CMU/SEI-2004-TN-022, 2004
- A. Hall and R. Chapman, 'Correctness by Construction', IEEE Software Vol.19, No.1, pp.18-25, 2002 https://doi.org/10.1109/52.976937
- A. V. Lamsweerde, 'Elaborating Security Requirements by Construction of Intentional Anti-Models', Proceedings of the 26th International Conference on Software Engineering (ICSE'04), pp.148-157, 2004
- M. Bishop, 'Vulnerabilities Analysis', Web proceedings of the 2nd International Workshop on Recent Advances in Intrusion Detection (RAID'99), 1999
- B. Boehm, 'Software Engineering Economics', Prentice-Hall, 1981
- CC, Common Criteria for Information Technology Security Evaluation, Version 2.1, CCIMB-99-031, Aug., 1999
- L. Chung, B. Nixon, E. Yu, and J. Mylopoulos, 'Non-Functional Requirements in Software Engineering', Kluwer Academic Publishers, 1999
- L. M. Cysneiros and J. C. S. P. Leiter, 'Using UML to Reflect Non-Functional Requirements', Proceedigns of the 11 CASCON, IBM Canada, Toronto Nov 2001, pp.202-216, 2001
- L. M. Cysneiros, J. C. S. P. Leiter and J. S. M. Neto, 'A Framework for Integrating Non-Functional Requirements into Conceptual Models', Requirements Engineering Journal, Vol.6, Issue2, pp.97-115, Apr., 2001 https://doi.org/10.1007/s007660170008
- L. M. Cysneiros and J. C. S. P. Leiter, 'Integrating Non-Functional Requirements into data modeling', Proceedings of the 4th International Sysmposium on Requirements Engineering, pp.162-171, 1999
- D. G. Firesmith, 'Specifying Reusable Security Requirements', Journal of Object Technology(JOT), Vol.3, No.1, 2004 https://doi.org/10.5381/jot.2004.3.1.c6
- D. G. Firesmith, 'Security Use Case', Journal of Object Technoly(JOT), Vol.2, No.3, pp.53-64, May/Jun, 2003 https://doi.org/10.5381/jot.2003.2.3.c6
- G. McGraw, 'Software Security', IEEE Security & Privacy, pp.80-83, Mar/Apr., 2004 https://doi.org/10.1109/MSECP.2004.1281254
- G. Hoglund, G. McGraw, 'Exploiting Software: How to break code', Addison Wesley, 2004
- G. Sindre and A. L. Opdahl, 'Capturing Security Requirements through Misuse Cases', Proc. 14th Norwegian Informatics Conference, Norway, pp.26-28, Nov., 2001
- I. Alexander, 'Misuse Cases: Use Cases with Hostile Intent', IEEE Software Jan/Feb, 2003, pp.58-66, 2003 https://doi.org/10.1109/MS.2003.1159030
- I. V. Krsul, 'Computer Vulnerability Analysis', PhD thesis, Purdue University, 1998
- J. McDermott, 'Extracting Security Requirements by Misuse Cases', Proc. 27th Technology of Objected-Oriented Languages and Systems(TOOLS-37 Pacific 2000), Sydney, Australia, pp.120-131, 2000
- J. McDermott, C. Fox, 'Using Abuse Case Models for Security Requirements Analysis', Proc. Annual Computer Security Applications Conference (ACSAC'99), pp.55-64, 1999 https://doi.org/10.1109/CSAC.1999.816013
- J. A. Whittacker and M. Howard, 'Building More Secure Software With Improved Development Processes', IEEE Security & Privacy, Vol.2, Issue 6, pp.63-65 Nov/Dec., 2004 https://doi.org/10.1109/MSP.2004.95
- J. Viega, G. McGraw, 'Building Secure Software', Addison Wesley, 2004
- L. Liu, E. yu, J. Mylopoulos. 'Security and Privacy Requirements Analysis within a Social Setting', Proceedings of the 11th IEEE International Requirements Engineering Conference, pp.151-161, 2003
- L. M. Cysneiros and J. C. S. P. Leiter, 'Nonfunctional requirements: from elicitation to conceptual models', IEEE Transactions on Software Engineering, Vol.30, No.5, pp.328-350, May, 2004 https://doi.org/10.1109/TSE.2004.10
- M. Howard and D. C. LeBlanc, 'Writing Secure Code', 2nd Ed., Microsoft, 2003
- M. Schumacher and U. Roedig, 'Security Engineering with Patterns', In PLoP Proceedings 2001
- M. Schumacher, 'Security Patterns And Security Standards', in PLoP Proceedings 2001
- M. Schumacher and U. Roedig, 'Security Engineering with Patterns,' in PLoP Proceedings 2001
- G. McGraw, B. Potter, 'Software Security Testing', IEEE Security & Privacy, Vol.2, Issue 5, pp.81 -85, Sep/Oct., 2004 https://doi.org/10.1109/MSP.2004.84
- J. Jurjens, 'UMLsec : Extending UML for secure systems development', In UML 2002, 2002
- P. T. Devanbu, S. Stubblebine. 'Software Engineering for Security: A Roadmap', ICSE 2000, pp.227-239, 2000 https://doi.org/10.1145/336512.336559
- 서정국, 최경희, 정기현, 박승규, 심재홍, '인터넷 보안 시뮬레이션을 위한 공격모델링', 정보처리학회논문지C, 제11-C권 제2호, pp.183-192, 2004 https://doi.org/10.3745/KIPSTC.2004.11C.2.183
- 장세진, 최상수, 이강수, 최희봉, '보안 요구사항 도출 및 명세를 위한 CC기반 Misuse Case 모델', 정보과학회 2004년 춘계학술대회 Vol.31, No.1, pp.0277 -0279, 2004