A systematic framework for structured object-oriented security requirements analysis

Author

Sojan Markose

Keywords and Phrases

Requirements analysis; Misuse cases

Abstract

"The primary goal of this research is to develop a structured object-oriented security requirements analysis methodology for the elicitation and analysis of security requirements. There are several approaches to elicit, analyze and specify security requirements for software systems ranging from formal mathematical models for proof of certain security properties to informal methods that are easily understood. Applicability of formal security models is limited because they are complex and it is time consuming to develop. On the other hand, informal security requirements analysis methods are not integrated with conceptual models in requirements analysis, and they provide no process for analyzing both internal and external threats in a structured manner. It is a common approach to specify the security needs of a system in terms of how to achieve security during the implementation phase and not in terms of identifying the threats in the early stages of system development. Therefore, it is important to develop effective methods for eliciting security requirements at the early stages of system development.

The proposed methodology is capable of identifying hierarchically both external and internal threats posed by both external and internal actors of a system level by level. The new methodology is illustrated and validated by security requirements analysis for an online banking system and an advanced power grid control system. These application examples demonstrate the proposed methodology and its ability to achieve the desired goals.

A research paper “A Systematic Framework for Structured Object-Oriented Security Requirements Analysis” has been submitted for publication consideration in the International Conference on Software Engineering (ICSIi 2006) as part of this research."--Abstract, page iii.

Advisor(s)

Liu, Xiaoqing Frank

Committee Member(s)

Xia, Franck
Lea, Bih-Ru

Department(s)

Computer Science

Degree Name

M.S. in Computer Science

Publisher

University of Missouri--Rolla

Publication Date

Fall 2005

Pagination

vii, 44 pages

Note about bibliography

Includes bibliographical references (pages 42-43).

Rights

© 2005 Sojan Markose, All rights reserved.

Document Type

Thesis - Restricted Access

File Type

text

Language

English

Subject Headings

Computer networks -- Security measures
Object-oriented methods (Computer science)

Thesis Number

T 8869

Print OCLC #

70632242

Link to Catalog Record

Electronic access to the full-text of this document is restricted to Missouri S&T users. Otherwise, request this publication directly from Missouri S&T Library or contact your local library.

Recommended Citation

Markose, Sojan, "A systematic framework for structured object-oriented security requirements analysis" (2005). Masters Theses. 3819.
https://scholarsmine.mst.edu/masters_theses/3819