Inlämning av Examensarbete / Submission of Thesis

Khalil Abu-Sheikh MSE-2007:05, pp. 68. TEK/avd. för programvaruteknik, 2007.

The work

Författare / Author: Khalil Abu-Sheikh
Titel / Title: Reviewing and Evaluating Techniques for Modeling and Analyzing Security Requirements
Abstrakt Abstract:

The software engineering community recognized the importance of addressing security requirements with other functional requirements from the beginning of the software development life cycle. Therefore, there are some techniques that have been developed to achieve this goal. Thus, we conducted a theoretical study that focuses on reviewing and evaluating some of the techniques that are used to model and analyze security requirements. Thus, the Abuse Cases, Misuse Cases, Data Sensitivity and Threat Analyses, Strategic Modeling, and Attack Trees techniques are investigated in detail to understand and highlight the similarities and differences between them. We found that using these techniques, in general, help requirements engineer to specify more detailed security requirements. Also, all of these techniques cover the concepts of security but in different levels. In addition, the existence of different techniques provides a variety of levels for modeling and analyzing security requirements. This helps requirements engineer to decide which technique to use in order to address security issues for the system under investigation. Finally, we found that using only one of these techniques will not be suitable enough to satisfy the security requirements of the system under investigation. Consequently, we consider that it would be beneficial to combine the Abuse Cases or Misuse Cases techniques with the Attack Trees technique or to combine the Strategic Modeling and Attack Trees techniques together in order to model and analyze security requirements of the system under investigation. The concentration on using the Attack Trees technique is due to the reusability of the produced attack trees, also this technique helps in covering a wide range of attacks, thus covering security concepts as well as security requirements in a proper way.

Ämnesord / Subject: Datavetenskap - Computer Science\Software Engineering

Nyckelord / Keywords: Security Requirements, Abuse Cases, Misuse Cases, Data Sensitivity and Threat Analyses, Strategic Modeling, Attack Trees.

Publication info

Dokument id / Document id:
Program:/ Programme Programvaruteknik/Software Engineering
Registreringsdatum / Date of registration: 01/31/2007
Uppsatstyp / Type of thesis: D-Uppsats/Magister/Master


Handledare / Supervisor: Per Jönsson
Examinator / Examiner: Robert Feldt
Organisation / Organisation: Blekinge Institute of Technology
Institution / School: TEK/avd. för programvaruteknik
S-372 25 Ronneby
+46 455 38 50 00

Files & Access

Bifogad uppsats fil(er) / Files attached: master_thesis_mse_05.pdf (1041 kB, öppnas i nytt fönster)