Incorporating Security Requirements from Legal Regulations into UMLsec model
Authors
Abstract
Compliance with law, industry standards, and corporate governance regulations is one of the driving factors for discovering security requirements. This paper aims to incorporate constraints from regulations through security requirements at an early stage of development. Constraints are extracted using a pattern-based approach from legal texts of information security laws and policies derived from the security standard ISO/IEC 27001:2005. The UML extension UMLsec is then used to address whether the security requirements defined in a UMLsec model implement these constraints successfully.
Similar resources
Risk-Driven Development Of Security-Critical Systems Using UMLsec
Despite a growing awareness of security issues in distributed computing systems, most development processes used today still do not take security aspects into account. To address this problem we make use of a risk-driven approach to develop security-critical systems based on UMLsec, the extension of the Unified Modeling Language (UML) for secure systems development, the safety standard ICE 6150...
Alessandra Bagnato (Ed.) Security in Model-Driven Architecture European Workshop on Security in Model Driven Architecture 2009 (SEC-MDA 2009), Enschede (The Netherlands), June 24, 2009
There is growing demand to evolve systems continuously to meet changing business needs, new regulations and policies, novel technologies and computing infrastructures. Unfortunately, the pace of required change affects developers’ ability to establish and maintain desirable levels of quality of systems. Therefore, the aim of the Secure Change project is to develop techniques and tools that ensu...
Model-Based Security Engineering: Managed Co-evolution of Security Knowledge and Software Models
We explain UMLsec and associated techniques to incorporate security aspects in model-based development. Additionally, we show how UMLsec can be used in the context of software evolution. More precisely, we present the SecVolution approach which supports monitoring changes in external security knowledge sources (such as compliance regulations or security databases) in order to react to security ...
Developing Secure Networked Web-Based Systems Using Model-based Risk Assessment and UMLsec
Despite a growing awareness of security issues in networked computing systems, most development processes used today still do not take security aspects into account. To address this problem, we designed a process for developing secure networked systems based on the extension of the Unified Modeling Language (UML) for secure systems development UMLsec and on the concept of model-based risk asses...
Use Case Application in Requirements Analysis using Secure Tropos to UMLsec - Security Issues
Information systems security is one of the most critical challenges presently facing nearly every organization. However, ensuring security and quality in both information and the systems that control it is a difficult goal, requiring the combination of two broad research disciplines that are typically separate: security engineering and secure software engineering. Sec...