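Identifying Security Requirement using Reusable State Transition Diagram at Security Threat Location
Seo Seong-Chae (Department of Computer Science, Chonnam National University)
You Jin-Ho (Department of Computer Science, Graduate School, Chonnam National University)
Kim Young-Dae (Department of Computer Science, Graduate School, Chonnam National University)
Kim Byung-Ki (School of Electronics, Computer and Information Communication Engineering, Chonnam National University)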
1. CC, Common Criteria for Information Technology Security Evaluation, Version 2.1, CCIMB-99-031, Aug., 1999
2. M. Bishop, 'Vulnerabilities Analysis', Web proceedings of the 2nd International Workshop on Recent Advances in Intrusion Detection (RAID'99), 1999
3. B. Boehm, 'Software Engineering Economics', Prentice-Hall, 1981
4. A. Hall and R. Chapman, 'Correctness by Construction', IEEE Software, Vol.19, No.1, pp.18-25, 2002
5. A. V. Lamsweerde, 'Elaborating Security Requirements by Construction of Intentional Anti-Models', Proceedings of the 26th International Conference on Software Engineering (ICSE'04), pp.148-157, 2004
6. A. P. Moore, R. J. Ellison, R. C. Linger, 'Attack Modeling for Information Security and Survivability', CMU/SEI-2001-TN-001, Mar., 2001
7. A. P. Moore, R. J. Ellison, L. Bass, M. Klein, F. Bachmann, 'Security and Survivability Reasoning Frameworks and Architectural Design Tactics', CMU/SEI-2004-TN-022, 2004
8. P. T. Devanbu, S. Stubblebine, 'Software Engineering for Security: A Roadmap', ICSE 2000, pp.227-239, 2000
9. Seo Jeong-Guk, Choi Gyeong-Hui, Jeong Gi-Hyeon, Park Seung-Gyu, Sim Jae-Hong, 'Attack Modeling for Internet Security Simulation', The KIPS Transactions: Part C, Vol.11-C, No.2, pp.183-192, 2004
10. Jang Se-Jin, Choi Sang-Su, Lee Gang-Su, Choi Hui-Bong, 'CC-based Misuse Case Model for Eliciting and Specifying Security Requirements', Korea Information Science Society 2004 Spring Conference, Vol.31, No.1, pp.0277-0279, 2004
11. J. A. Whittaker and M. Howard, 'Building More Secure Software With Improved Development Processes', IEEE Security & Privacy, Vol.2, Issue 6, pp.63-65, Nov/Dec., 2004
12. J. Jurjens, 'UMLsec: Extending UML for secure systems development', In UML 2002, 2002
13. M. Schumacher and U. Roedig, 'Security Engineering with Patterns', in PLoP Proceedings 2001
14. G. McGraw, B. Potter, 'Software Security Testing', IEEE Security & Privacy, Vol.2, Issue 5, pp.81-85, Sep/Oct., 2004
15. M. Schumacher and U. Roedig, 'Security Engineering with Patterns', in PLoP Proceedings 2001
16. M. Schumacher, 'Security Patterns And Security Standards', in PLoP Proceedings 2001
17. L. M. Cysneiros and J. C. S. P. Leite, 'Nonfunctional requirements: from elicitation to conceptual models', IEEE Transactions on Software Engineering, Vol.30, No.5, pp.328-350, May, 2004
18. M. Howard and D. C. LeBlanc, 'Writing Secure Code', 2nd Ed., Microsoft, 2003
19. J. Viega, G. McGraw, 'Building Secure Software', Addison Wesley, 2004
20. L. Liu, E. Yu, J. Mylopoulos, 'Security and Privacy Requirements Analysis within a Social Setting', Proceedings of the 11th IEEE International Requirements Engineering Conference, pp.151-161, 2003
21. J. McDermott, 'Extracting Security Requirements by Misuse Cases', Proc. 27th Technology of Object-Oriented Languages and Systems (TOOLS-37 Pacific 2000), Sydney, Australia, pp.120-131, 2000
22. L. M. Cysneiros and J. C. S. P. Leite, 'Integrating Non-Functional Requirements into data modeling', Proceedings of the 4th International Symposium on Requirements Engineering, pp.162-171, 1999
23. J. McDermott, C. Fox, 'Using Abuse Case Models for Security Requirements Analysis', Proc. Annual Computer Security Applications Conference (ACSAC'99), pp.55-64, 1999
24. I. V. Krsul, 'Computer Vulnerability Analysis', PhD thesis, Purdue University, 1998
25. I. Alexander, 'Misuse Cases: Use Cases with Hostile Intent', IEEE Software, Jan/Feb, 2003, pp.58-66, 2003
26. G. Sindre and A. L. Opdahl, 'Capturing Security Requirements through Misuse Cases', Proc. 14th Norwegian Informatics Conference, Norway, pp.26-28, Nov., 2001
27. G. McGraw, 'Software Security', IEEE Security & Privacy, pp.80-83, Mar/Apr., 2004
28. G. Hoglund, G. McGraw, 'Exploiting Software: How to break code', Addison Wesley, 2004
29. D. G. Firesmith, 'Specifying Reusable Security Requirements', Journal of Object Technology (JOT), Vol.3, No.1, 2004
30. D. G. Firesmith, 'Security Use Case', Journal of Object Technology (JOT), Vol.2, No.3, pp.53-64, May/Jun, 2003
31. L. Chung, B. Nixon, E. Yu, and J. Mylopoulos, 'Non-Functional Requirements in Software Engineering', Kluwer Academic Publishers, 1999
32. L. M. Cysneiros, J. C. S. P. Leite and J. S. M. Neto, 'A Framework for Integrating Non-Functional Requirements into Conceptual Models', Requirements Engineering Journal, Vol.6, Issue 2, pp.97-115, Apr., 2001
33. L. M. Cysneiros and J. C. S. P. Leite, 'Using UML to Reflect Non-Functional Requirements', Proceedings of the 11 CASCON, IBM Canada, Toronto, Nov 2001, pp.202-216, 2001