Advertisement

A Foundation for Requirements Analysis of Dependable Software

  • Denis Hatebur
  • Maritta Heisel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5775)

Abstract

We present patterns for expressing dependability requirements, such as confidentiality, integrity, availability, and reliability. The paper considers random faults as well as certain attacks and therefore supports a combined safety and security engineering. The patterns - attached to functional requirements - are part of a pattern system that can be used to identify missing requirements.

Keywords

Functional Requirement Security Requirement Requirement Analysis Message Authentication Code Domain Type 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Common Criteria for Information Technology Security Evaluation, Version 3.1 (September 2006), http://www.commoncriteriaportal.org/public/expert/
  2. 2.
    Avizienis, A., Laprie, J.-C., Randall, B., Landwehr, C.: Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing 1(1), 11–33 (2004), http://se2c.uni.lu/tiki/se2c-bib_download.php?id=2433 CrossRefGoogle Scholar
  3. 3.
    Côté, I., Hatebur, D., Heisel, M., Schmidt, H., Wentzlaff, I.: A systematic account of problem frames. In: Proceedings of the European Conference on Pattern Languages of Programs (EuroPLoP 2007). Universitätsverlag Konstanz (2008)Google Scholar
  4. 4.
    Courtois, P.-J.: Safety, reliability and software based systems requirements. In: Contribution to the UK ACSNI Report of the Study Group on the safety of Operational Computer Systems (June 1997)Google Scholar
  5. 5.
    Gürses, S., Jahnke, J.H., Obry, C., Onabajo, A., Santen, T., Price, M.: Eliciting confidentiality requirements in practice. In: CASCON 2005: Proceedings of the 2005 conference of the Centre for Advanced Studies on Collaborative research, pp. 101–116. IBM Press (2005)Google Scholar
  6. 6.
    Hatebur, D., Heisel, M.: A foundation for requirements analysis of dependable software (technical report). Technical report, Universität Duisburg-Essen (2009), http://swe.uni-due.de/techrep/founddep.pdf
  7. 7.
    Hatebur, D., Heisel, M., Schmidt, H.: Security engineering using problem frames. In: Müller, G. (ed.) ETRICS 2006. LNCS, vol. 3995, pp. 238–253. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    Hatebur, D., Heisel, M., Schmidt, H.: A pattern system for security requirements engineering. In: Werner, B. (ed.) Proceedings of the International Conference on Availability, Reliability and Security (AReS), IEEE Transactions, pp. 356–365. IEEE, Los Alamitos (2007)CrossRefGoogle Scholar
  9. 9.
    Hatebur, D., Heisel, M., Schmidt, H.: Analysis and component-based realization of security requirements. In: Proceedings of the International Conference on Availability, Reliability and Security (AReS), IEEE Transactions, pp. 195–203. IEEE, Los Alamitos (2008)Google Scholar
  10. 10.
    Hatebur, D., Heisel, M., Schmidt, H.: A formal metamodel for problem frames. In: Czarnecki, K., Ober, I., Bruel, J.-M., Uhl, A., Völter, M. (eds.) MODELS 2008. LNCS, vol. 5301, pp. 68–82. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  11. 11.
    International Electrotechnical Commission IEC. Functional safety of electrical/electronic/programmable electronic safty-relevant systems (2000)Google Scholar
  12. 12.
    Jackson, M.: Problem Frames. Analyzing and structuring software development problems. Addison-Wesley, Reading (2001)Google Scholar
  13. 13.
    Jackson, M., Zave, P.: Deriving specifications from requirements: an example. In: Proceedings 17th Int. Conf. on Software Engineering, Seattle, USA, pp. 15–24. ACM Press, New York (1995)Google Scholar
  14. 14.
    Laprie, J.-C.: Dependability computing and fault tolerance: Concepts and terminology. Fault-Tolerant Computing – Highlights from Twenty-Five Years, 2–13 (June 1995), http://lion.ee.ntu.edu.tw/Class/FTDS_2008/Laprie-Definitions.pdf
  15. 15.
    Pfitzmann, A., Hansen, M.: Anonymity, unlinkability, unobservability, pseudonymity, and identity management - a consolidated proposal for terminology. Technical report, TU Dresden and ULD Kiel, 5 (2006), http://dud.inf.tu-dresden.de/Anon_Terminology.shtml
  16. 16.
    Røstad, L., Tøndel, I.A., Line, M.B., Nordland, O.: Safety vs. security. In: Stamatelatos, M.G., Blackman, H.S. (eds.) Safety Assessment and Management - PSAM 8, Eighth International Conference on Probabilistic. ASME Press, New York (2006)Google Scholar
  17. 17.
    Santen, T.: Stepwise development of secure systems. In: Górski, J. (ed.) SAFECOMP 2006. LNCS, vol. 4166, pp. 142–155. Springer, Heidelberg (2006)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Denis Hatebur
    • 1
    • 2
  • Maritta Heisel
    • 1
  1. 1.Fakultät für IngenieurwissenschaftenUniversität Duisburg-EssenGermany
  2. 2.Institut für technische Systeme GmbHGermany

Personalised recommendations