Towards a Systematic Development of Secure Systems

Gerhard Popp

Abstract

In this paper we outline a new process model for security engineering. This process model extends object oriented, use case driven software development by the systematic treatment of security related issues. We introduce the notion of security aspects describing security relevant requirements and measures at a certain level of abstraction. We define a micro-process for security analysis supporting the systematic development of secure components within iterative systems development.

References

  1. [AK01] Gail-Joon Ahn and Kwangjo Kim. CONUGA: Constrained User Group Assignment. Journal of Network and Computer Applications, 24(2), April 2001.
  2. [AS00] Gail-Joon Ahn and Ravi Sandhu. Role-based authorization constraints specification. ACM Transactions on Information and System Security, 3(4):207-226, November 2000.
  3. [FCK95] David Ferraiolo, Janet Cugini, and Richard Kuhn. Role-based access control (RBAC): Features and motivations. In Proceedings of 11th Annual Computer Security Application Conference, pages 241-48, New Orleans, LA, December 11-15 1995.
  4. [GI96] Luigi Guiri and Pietro Iglio. A formal model for role-based access control with constraints. In Proceedings of IEEE Computer Security Foundations Workshop 9, pages 136-145, Kenmare, Ireland, June 1996.
  5. [JGAS01] James Joshi, Arif Ghafoor, Walid G. Aref, and Eugene H. Spafford. Digital government security infrastructure design challenges. IEEE Computer, 34(2):66-72, February 2001.
  6. [NO95] Matunda Nyanchama and Sylvia Osborn. Access rights administration in role-based security systems. In J. Biskup, M. Morgernstern, and C. Landwehr, editors, Database Security VIII: Status and Prospects. North-Holland, 1995.
  7. [San97] Ravi Sandhu. Roles versus groups. In Proceedings of the 1st ACM Workshop on Role-Based Access Control. ACM, 1997.
  8. [SB97] Ravi Sandhu and Venkata Bhamidipati. The URA97 model for role-based administration of user-role assignment. In T. Y. Lin and Xiaolei Qian, editors, Database Security XI: Status and Prospects. North-Holland, 1997.
  9. [SCFY96] Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, and Charles E. Youman. Rolebased access control models. IEEE Computer, 29(2):38-47, February 1996.
  10. [YCS95] Charles Youman, Ed Coyne, and Ravi Sandhu, editors. Proceedings of the 1st ACM Workshop on Role-Based Access Control, Nov 31-Dec. 1, 1995. ACM, 1995.
Download


Paper Citation


in Harvard Style

Popp G. (2004). Towards a Systematic Development of Secure Systems . In Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004) ISBN 972-8865-07-4, pages 13-22. DOI: 10.5220/0002654400130022


in Bibtex Style

@conference{wosis04,
author={Gerhard Popp},
title={Towards a Systematic Development of Secure Systems},
booktitle={Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004)},
year={2004},
pages={13-22},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002654400130022},
isbn={972-8865-07-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004)
TI - Towards a Systematic Development of Secure Systems
SN - 972-8865-07-4
AU - Popp G.
PY - 2004
SP - 13
EP - 22
DO - 10.5220/0002654400130022