A systematic review of security requirements engineering

Cited by: 105
Authors
Mellado, Daniel [2]
Blanco, Carlos [1]
Sanchez, Luis E. [3]
Fernandez-Medina, Eduardo [1]
Affiliations
[1] Univ Castilla La Mancha, Dept Informat Technol & Syst, Alarcos Res Grp, E-13071 Ciudad Real, Spain
[2] Spanish Tax Agcy, Madrid, Spain
[3] SICAMAN Nuevas Tecnol, Ciudad Real, Spain
Keywords
Security requirements; Security requirements engineering; Requirements engineering; Security engineering; Secure development; Security; Systematic review; FRAMEWORK;
DOI
10.1016/j.csi.2010.01.006
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812
Abstract
One of the most important aspects in the achievement of secure software systems in the software development process is what is known as Security Requirements Engineering. However, very few reviews focus on this theme in a systematic, thorough and unbiased manner, that is, none of them perform a systematic review of security requirements engineering, and there is not, therefore, a sufficiently good context in which to operate. In this paper we carry out a systematic review of the existing literature concerning security requirements engineering in order to summarize the evidence regarding this issue and to provide a framework/background in which to appropriately position new research activities. (C) 2010 Elsevier B.V. All rights reserved.
Pages: 153-165
Page count: 13