Abstract
Software is required to comply with the laws and standards of software security. However, stakeholders with less concern regarding security can neither describe the behaviour of the system with regard to security nor validate the system’s behaviour when the security function conflicts with usability. Scenarios or use-case specifications are common in requirements elicitation and are useful to analyze the usability of the system from a behavioural point of view. In this paper, the authors propose both (1) a scenario language based on a simple case grammar and (2) a method to verify a scenario with rules based on security evaluation criteria.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Alexander, I.F., Maiden, N.: Scenarios, Stories, Use Cases - Through the Systems Development Life-Cycle. John Wiley & Sons, Chichester (2004)
Araujo, J., Whittle, J., Kim, D.: Modeling and Composing Scenario-Based Requirements with Aspects. In: 12th International Requirements Engineering Conference (RE 2004), pp. 58–67 (2004)
Barish, R.: ACM Conference Committee Job Description, Conference Manual, Section No. 6.1.1 (1997), http://www.acm.org/sig_volunteer_info/conference_manual/6-1-1PC.HTM
Carroll, J.M.: Making Use: Scenario-based Design of Human Computer Interactions. MIT Press, Cambridge (2000)
Cockburn, A.: Writing Effective Use Cases. Addison Wesley, USA (2001)
Fillmore, C.J.: The Case for Case, Universals in Linguistic Theory. Bach & Harms, Holt, Rinehart and Winston Publishing, Chicago (1968)
IEEE Std. 830-1998, IEEE Recommended Practice for Software Requirements Specifications (1998)
ISO/IEC 15408 common criteria (2005)
McDermott, J., Fox, C.: Using Abuse Case Models for Security Requirements Analysis. In: Proceedings of the 15th IEEE Annual Computer Security Applications Conference (ACSAC 1999), pp. 55–65 (1999)
Ohnishi, A.: Software requirements specification database based on requirements frame model. In: Proceedings of the Second IEEE International Conference on Requirements Engineering (ICRE 1996), pp. 221–228 (1996)
Ohnishi, A., Potts, C.: Grounding Scenarios in Frame-Based Action Semantics. In: Proc. of 7th International Workshop on Requirements Engineering: Foundation of Software Quality (REFSQ 2001), June 4-5, pp. 177–182. Interlaken, Switzerland (2001)
Railway Information System Co., Ltd., JR System (2001), http://www.jrs.co.jp/keiki/en/index_main.html
Schneier, B.: Secrets & Lies Digital Security in a Networked World. John Wiley & Sons, Chichester (2001)
Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. Requirements Engineering 10, 34–44 (2005)
Sutcliffe, A.G., Maiden, N.A.M., Minocha, S., Manuel, D.: Supporting Scenario-Based Requirements Engineering. IEEE Trans. Software Engineering 24(12), 1072–1088 (1998)
Toval, A., Nicolaus, J., Moros, B., Gracia, F.: Requirements Reuse for Improving Information Systems Security: A Practitioner’s Approach. Requirements Engineering 6(4), 205–219 (2002)
Toyama, T., Ohnishi, A.: Rule-based Verification of Scenarios with Pre-conditions and Post-conditions. In: Proc. Of the 13th IEEE International Conference on Requirements Engineering (RE 2005), Paris, France, pp. 319–328 (2005)
Weidenhaupt, K., Pohl, K., Jarke, M., Haumer, P.: Scenarios in System Development: Current Practice. IEEE Software 15(2), 34–45 (1998)
Whittle, J., Araujo, J.: Scenario modeling with aspects. IEE Proceedings Software Special Issue 151(4), 157–172 (2004)
Zhang, H., Ohnishi, A.: Transformation between Scenarios from Different Viewpoints. IEICE Transactions on Information and Systems E87-D(4), 801–810 (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ohnishi, A. (2009). Common Criteria Based Security Scenario Verification. In: Cordeiro, J., Shishkov, B., Ranchordas, A., Helfert, M. (eds) Software and Data Technologies. ICSOFT 2008. Communications in Computer and Information Science, vol 47. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-05201-9_4
Download citation
DOI: https://doi.org/10.1007/978-3-642-05201-9_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-05200-2
Online ISBN: 978-3-642-05201-9
eBook Packages: Computer ScienceComputer Science (R0)