
A model for structuring and reusing security requirements sources and security requirements

Schmitt, Christian; Liggesmeyer, Peter

Full text (PDF)

Matulevicius, Raimundas (Ed.); Weyer, Thorsten (Ed.); Forbrig, Peter (Ed.); Herrmann, Andrea (Ed.); Daneva, Maya (Ed.); Doerr, Joerg (Ed.); Hoffmann, Anne (Ed.); Kalenborn, Axel (Ed.); Trapp, Marcus (Ed.); Herzwurm, Georg (Ed.); Pietsch, Wolfram (Ed.); Lenz, Annika (Ed.); Schockert, Sixten (Ed.); Daun, Marian (Ed.); Palomares, Cristina (Ed.); Morales Ramirez, Itzel (Ed.); Tenbergen, Bastian (Ed.); Paech, Barbara (Ed.); Wieringa, Roel (Ed.); Knauss, Eric (Ed.); Perini, Anna (Ed.):
REFSQ 2015, Joint Workshops on Research Method Track, and Poster Track. Proceedings : Co-located with the 21st International Conference on Requirements Engineering: Foundation for Software Quality, REFSQ 2015, Essen, Germany, March 23, 2015
Essen, 2015 (CEUR Workshop Proceedings 1342)
International Workshop on Creativity in Requirements Engineering (CreaRE) <5, 2015, Essen>
International Working Conference on Requirements Engineering - Foundation for Software Quality (REFSQ) <21, 2015, Essen>
Conference paper, electronic publication
Fraunhofer IESE
requirements reuse; requirements engineering; system security engineering; software security

Various security requirements sources need to be incorporated when developing security requirements. A challenge for teams developing security requirements is to identify and structure relevant sources, to satisfy compliance-related obligations, and to identify and properly address relevant threats, weaknesses and vulnerabilities. In this paper, we present a generic model which can be used for structuring and reusing security requirements sources and security requirements, to improve the efficiency of security requirements engineering and to achieve a desired 'baseline' security level and completeness of security requirements. The model supports security requirements engineering in general but can also be applied for continuous security requirements engineering in order to analyze and evaluate the influence of changes in software or the environment on security requirements and the overall software and system security. Elements of the model and their interdependencies are described, and observations on important aspects when applying this model in an organization are provided.