F122028 – VIVAN Kourosh. Authors Universidad de Murcia Ambrosio TOVAL, Reader in Software...
REQUIREMENTS REUSE FOR IMPROVING
INFORMATION SYSTEMS SECURITY
F122028 – VIVAN Kourosh
VIVAN Kourosh - ME 2013 2
Authors
• Universidad de Murcia
  Ambrosio TOVAL, Reader in Software Engineering in the Department of Computing
  Joaquin NICOLAS
  Begona MOROS, lecturer. She has a background in prototyping environments, software development and requirements engineering (RE)
• Universidad Politécnica de Valencia
  Fernando GARCÍA
Origins
CARMMA project: develop a risk analysis using MAGERIT in the Regional Information Systems and Telecommunications Office
One year / 5 analysts / 50 stakeholders
Results
Countermeasure costs could be lower if assets were developed taking security issues into account from the beginning. But MAGERIT countermeasures are linked to threats, not assets.
Purpose
The method takes place during elicitation and specification
It uses a reused repository that contains requirements from MAGERIT
The method focuses on the security of information systems
The method's results are: specification documents and testing documents
Main phases
1. Requirements selection
2. Analysis and negotiation
3. Documentation
4. Repository improvement
5. Validation
Create reused repository
Reused repository
Classified by domains and profiles
Domains: finance, shop...
Profiles: personal data law privacy, information system security…
Requirements can be parameterized or not
Requirements selection
Analysis and negotiation
Documentation
Repository improvement & Validation
Related literature
Toval, A., Nicolás, J., Moros, B., & García, F. (2002). Requirements reuse for improving information systems security: a practitioner’s approach. Requirements Engineering, 6(4), 205-219.
Sindre, G., Firesmith, D. G., & Opdahl, A. L. (2003, June). A reuse-based approach to determining security requirements. In Proceedings of the 9th international workshop on requirements engineering: foundation for software quality (REFSQ’03), Klagenfurt, Austria.
Gutiérrez, C., Moros, B., Toval, A., Fernández-Medina, E., & Piattini, M. (2005, August). Security requirements for web services based on SIREN. In Symposium on Requirements Engineering for Information Security, Paris, France.
Tsang, V. W. S. Towards Analysis of Templates for Security Requirements (Doctoral dissertation, University of Auckland).
PDD
Deliverables
Example
SyRS.3.5.2.S42. The maintainability contract of the electronic equipment shall include a clause enforcing the supplier to make a commitment to solve any failure in less than [time in minutes].
SyRS: System Requirement Specification document
3.5.2: Section number
3.5 System attributes
S42: Security requirement 42
IEEE 1233 standard
Thank you