Authors: Motoshi Saeki, Shinpei Hayashi, Tatsuya Abe
Tags: 2015, conceptual modeling
In order to develop secure information systems with less development cost, it is important to elicit the requirements to security functions (simply security requirements) as early in their development process as possible. To achieve it, accumulated knowledge of threats and their objectives obtained from practical experiences is useful, and the technique to support the elicitation of security requirements utilizing this knowledge should be developed. In this paper, we present the technique for security requirements elicitation using practical knowledge of threats, their objectives and security functions realizing the objectives, which is extracted from Security Target documents compliant to the standard Common Criteria. We show the usefulness of our approach with several case studies.Read the full paper here: https://link-springer-com.proxy2.hec.ca/chapter/10.1007/978-3-319-25747-1_24