The SecReq approach: From security requirements to secure design while Managing Software Evolution

Research output: Chapter in book/report/conference proceedingConference contributionResearchpeer review

Authors

Research Organisations

External Research Organisations

  • TU Dortmund University
View graph of relations

Details

Original languageEnglish
Title of host publicationSoftware Engineering 2014
EditorsWilhelm Hasselbring, Nils Christian Ehmke
PublisherGesellschaft fur Informatik (GI)
Pages89-90
Number of pages2
ISBN (electronic)9783885796213
Publication statusPublished - 2014
EventSoftware Engineering 2014 - Kiel, Germany
Duration: 25 Feb 201428 Feb 2014

Publication series

NameLecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI)
VolumeP227
ISSN (Print)1617-5468

Abstract

We present the security requirements & design approach SecReq developed in joint work over the last few years. As a core feature, this approach supports reusing security engineering experience gained during the development of security-critical software and feeding it back into the development process through the HeRA Heuristic Requirements Assistant. Based on this information a model-based security analysis of the software design can be performed using the UMLsec approach and its associated tool-platform CARiSMA. In recent work within the project DFG project SecVolution (SPP 1593 "Design For Future - Managed Software Evolution"), we have been extending the approach with techniques, tools, and processes that support security requirements and design analysis techniques for evolving information systems in order to ensure "lifelong" compliance to security requirements, heuristic tools and techniques that support elicitation of relevant changes in the environment.

ASJC Scopus subject areas

Cite this

The SecReq approach: From security requirements to secure design while Managing Software Evolution. / Jürjens, J.; Schneider, K.
Software Engineering 2014. ed. / Wilhelm Hasselbring; Nils Christian Ehmke. Gesellschaft fur Informatik (GI), 2014. p. 89-90 (Lecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI); Vol. P227).

Research output: Chapter in book/report/conference proceedingConference contributionResearchpeer review

Jürjens, J & Schneider, K 2014, The SecReq approach: From security requirements to secure design while Managing Software Evolution. in W Hasselbring & NC Ehmke (eds), Software Engineering 2014. Lecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI), vol. P227, Gesellschaft fur Informatik (GI), pp. 89-90, Software Engineering 2014, Kiel, Germany, 25 Feb 2014. <https://dl.gi.de/items/01206906-ae3d-4bc7-8b67-fcf6c19bd550>
Jürjens, J., & Schneider, K. (2014). The SecReq approach: From security requirements to secure design while Managing Software Evolution. In W. Hasselbring, & N. C. Ehmke (Eds.), Software Engineering 2014 (pp. 89-90). (Lecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI); Vol. P227). Gesellschaft fur Informatik (GI). https://dl.gi.de/items/01206906-ae3d-4bc7-8b67-fcf6c19bd550
Jürjens J, Schneider K. The SecReq approach: From security requirements to secure design while Managing Software Evolution. In Hasselbring W, Ehmke NC, editors, Software Engineering 2014. Gesellschaft fur Informatik (GI). 2014. p. 89-90. (Lecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI)).
Jürjens, J. ; Schneider, K. / The SecReq approach : From security requirements to secure design while Managing Software Evolution. Software Engineering 2014. editor / Wilhelm Hasselbring ; Nils Christian Ehmke. Gesellschaft fur Informatik (GI), 2014. pp. 89-90 (Lecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI)).
Download
@inproceedings{45866562270d414e91de0e14e4e272ae,
title = "The SecReq approach: From security requirements to secure design while Managing Software Evolution",
abstract = "We present the security requirements & design approach SecReq developed in joint work over the last few years. As a core feature, this approach supports reusing security engineering experience gained during the development of security-critical software and feeding it back into the development process through the HeRA Heuristic Requirements Assistant. Based on this information a model-based security analysis of the software design can be performed using the UMLsec approach and its associated tool-platform CARiSMA. In recent work within the project DFG project SecVolution (SPP 1593 {"}Design For Future - Managed Software Evolution{"}), we have been extending the approach with techniques, tools, and processes that support security requirements and design analysis techniques for evolving information systems in order to ensure {"}lifelong{"} compliance to security requirements, heuristic tools and techniques that support elicitation of relevant changes in the environment.",
author = "J. J{\"u}rjens and K. Schneider",
year = "2014",
language = "English",
series = "Lecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI)",
publisher = "Gesellschaft fur Informatik (GI)",
pages = "89--90",
editor = "Wilhelm Hasselbring and Ehmke, {Nils Christian}",
booktitle = "Software Engineering 2014",
address = "Germany",
note = "Software Engineering 2014 ; Conference date: 25-02-2014 Through 28-02-2014",

}

Download

TY - GEN

T1 - The SecReq approach

T2 - Software Engineering 2014

AU - Jürjens, J.

AU - Schneider, K.

PY - 2014

Y1 - 2014

N2 - We present the security requirements & design approach SecReq developed in joint work over the last few years. As a core feature, this approach supports reusing security engineering experience gained during the development of security-critical software and feeding it back into the development process through the HeRA Heuristic Requirements Assistant. Based on this information a model-based security analysis of the software design can be performed using the UMLsec approach and its associated tool-platform CARiSMA. In recent work within the project DFG project SecVolution (SPP 1593 "Design For Future - Managed Software Evolution"), we have been extending the approach with techniques, tools, and processes that support security requirements and design analysis techniques for evolving information systems in order to ensure "lifelong" compliance to security requirements, heuristic tools and techniques that support elicitation of relevant changes in the environment.

AB - We present the security requirements & design approach SecReq developed in joint work over the last few years. As a core feature, this approach supports reusing security engineering experience gained during the development of security-critical software and feeding it back into the development process through the HeRA Heuristic Requirements Assistant. Based on this information a model-based security analysis of the software design can be performed using the UMLsec approach and its associated tool-platform CARiSMA. In recent work within the project DFG project SecVolution (SPP 1593 "Design For Future - Managed Software Evolution"), we have been extending the approach with techniques, tools, and processes that support security requirements and design analysis techniques for evolving information systems in order to ensure "lifelong" compliance to security requirements, heuristic tools and techniques that support elicitation of relevant changes in the environment.

UR - http://www.scopus.com/inward/record.url?scp=84907905953&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:84907905953

T3 - Lecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI)

SP - 89

EP - 90

BT - Software Engineering 2014

A2 - Hasselbring, Wilhelm

A2 - Ehmke, Nils Christian

PB - Gesellschaft fur Informatik (GI)

Y2 - 25 February 2014 through 28 February 2014

ER -

By the same author(s)

  1. Supporting Value-Aware Software Engineering Through Traceability and Value Tactics

    Research output: Chapter in book/report/conference proceedingConference contributionResearchpeer review

  2. Organizing Graphical User Interface tests from behavior‐driven development as videos to obtain stakeholders' feedback

    Research output: Contribution to journalArticleResearchpeer review

  3. What you see is what you trace: a two-stage interview study on traceability practices and eye tracking potential

    Research output: Contribution to journalArticleResearchpeer review

  4. Paving the Way Towards an Effective Vision Video Usage: An Exploratory Study

    Research output: Chapter in book/report/conference proceedingConference contributionResearchpeer review

  5. Human factors in model-driven engineering: future research goals and initiatives for MDE

    Research output: Contribution to journalArticleResearchpeer review