Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

The SecReq approach: From security requirements to secure design while managing software evolution

: Jürjens, Jan; Schneider, Kurt

Hasselbring, W. ; Gesellschaft für Informatik -GI-, Bonn:
Software Engineering 2014 : Fachtagung des GI-Fachbereichs Softwaretechnik; 25. Februar - 28. Februar 2014 in Kiel, Deutschland
Bonn: Köllen, 2014 (GI-Edition - Lecture Notes in Informatics (LNI) - Proceedings 227)
ISBN: 978-3-88579-621-3
Fachtagung Software Engineering <2014, Kiel>
Fraunhofer ISST ()

We present the security requirements & design approach SecReq developed in joint work over the last few years. As a core feature, this approach supports reusing security engineering experience gained during the development of security-critical software and feeding it back into the development process through the HeRA Heuristic Requirements Assistant. Based on this information a model-based security analysis of the software design can be performed using the UMLsec approach and its associated tool-platform CARiSMA. In recent work within the project DFG project SecVolution (SPP 1593 “Design For Future – Managed Software Evolution”), we have been extending the approach with techniques, tools, and processes that support security requirements and design analysis techniques for evolving information systems in order to ensure "lifelong" compliance to security requirements. Heuristic tools and techniques that support elicitation of relevant changes in the environment.