Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Practical experience gained from modeling security goals. Using SGITs in an industrial project

: Jung, Christian; Elberzhager, Frank; Bagnato, Alessandra; Raiteri, Fabio


Institute of Electrical and Electronics Engineers -IEEE-:
International Conference on Availability, Reliability and Security, ARES 2010. Proceedings : Krakow, Poland, 15 - 18 February 2010; including workshop papers
Los Alamitos, Calif.: IEEE Computer Society Press, 2010
ISBN: 978-0-7695-3965-2
ISBN: 978-1-4244-5879-0
International Conference on Availability, Reliability and Security (ARES) <5, 2010, Krakow>
Conference Paper
Fraunhofer IESE ()
inspection; practical experience; software security; software inspection; security

Security inspections, especially in the early development stage, are becoming increasingly important for bringing security-relevant aspects into software systems. Nowadays, such inspections often do not focus in detail on security. The well-known and approved benefits of inspections do not exploit their full potential regarding security. Thus, we have developed the Security Goal Indicator Tree (SGIT) for eliminating existing shortcomings. SGITs are a new approach for modeling and checking security-relevant aspects during the entire software development lifecycle. This article describes the modeling of such security-goal-based trees as part of requirements engineering. Initial experience was gathered from creating SGITs in an industrial environment. After the probands of our industry partner received training on existing security models, the necessary knowledge for creating security models was collected and applied. This resulted in three context-specific SGITs discussed in this article.