Wosis 2004
Authors
Abstract
In this paper we outline a new process model for security engineering. This process model extends object oriented, use case driven software development by the systematic treatment of security related issues. We introduce the notion of security aspects describing security relevant requirements and measures at a certain level of abstraction. We define a micro-process for security analysis supporting the systematic development of secure components within iterative systems development.
Similar resources
Integrating Security and Privacy Issues in System Design
Security and privacy issues are often an afterthought when it comes to system design. However, failure to address these issues during analysis and design could result in catastrophic effects. We propose a conceptual model for creating subsystems of security and privacy that are integral parts of the overall system architecture.
Risk Analysis of Biometric Systems
This paper presents a risk analysis knowledgebase, which aims to enhance existing risk analysis methodologies and tools, by adding the capability of analyzing the risk of the biometric component of an information system. The knowledgebase was created by applying the Multi-Criteria Analysis methodology to the results of research in the security aspect of biometric technologies. The result is a ...
Towards a Classification of Security Metrics
For the generation of trust in the use of information and communications technologies it is necessary to demonstrate security in the use of these technologies. Security metrics or assurance metrics are the most appropriate method to generate that trust. In this article we propose a series of features for classifying security metrics. We present the main conclusions obtained through this classif...
Authentication and Authorisation for Integrated SIP Services in Heterogeneous Environments
In order to provide secure and high quality IP-based communication in heterogeneous environments there is a clear need to couple the signalling protocols used for establishing such communication sessions with supporting components and services providing QoS control, security and mediations between different technologies. In this paper we will be investigating the issue of providing an authoriza...
Health care and social inference systems: An unauthorized inference control based on fuzzy logic
In this paper, we address the problem of unauthorized inference of confidential information in the field of health care and social information systems. More precisely, we will focus on the problem of inference control of confidential information from statistical databases which contain information about patients and propose a method based on fuzzy logic to avoid unauthorized inference. Informa...
Intrusion Risk Analysis and the Power Law Distribution of Attacks
Risk analysis is the first essential step in the risk management process. In order to do an effective risk analysis, it is necessary to identify and quantify the threats to information technology assets. Then statistical models of information security threats are required to develop effective risk analysis methodologies. We present experimental evidence suggesting that network intrusion attacks fo...