电信服务安全需求概要:软件工程师如何解决安全问题

2011 Sixth International Conference on Availability, Reliability and Security Pub Date : 2011-08-22 DOI:10.1109/ARES.2011.81

A. Zuccato, Nils Daniels, Cheevarat Jampathom

{"title":"电信服务安全需求概要:软件工程师如何解决安全问题","authors":"A. Zuccato, Nils Daniels, Cheevarat Jampathom","doi":"10.1109/ARES.2011.81","DOIUrl":null,"url":null,"abstract":"Security requirement engineering for services is in practice frequently performed by security non-experts. For them the security requirements and their dependencies are not directly known. To mitigate this, the paper suggests the usage of a business oriented security requirement profiles (e.g. VoIP, IP-TV...) containing information security, privacy, fraud/abuse, resilience and assurance requirements. The criteria and the creation process for such reusable and adaptable profiles are shown. Then the requirement profiles are set in context with a development process. We show how to stepwise adjust the profile to the actual service needs at development stages where the budget and knowledge are available. Finally, experiences from real projects are presented.","PeriodicalId":254443,"journal":{"name":"2011 Sixth International Conference on Availability, Reliability and Security","volume":"180 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"Service Security Requirement Profiles for Telecom: How Software Engineers May Tackle Security\",\"authors\":\"A. Zuccato, Nils Daniels, Cheevarat Jampathom\",\"doi\":\"10.1109/ARES.2011.81\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Security requirement engineering for services is in practice frequently performed by security non-experts. For them the security requirements and their dependencies are not directly known. To mitigate this, the paper suggests the usage of a business oriented security requirement profiles (e.g. VoIP, IP-TV...) containing information security, privacy, fraud/abuse, resilience and assurance requirements. The criteria and the creation process for such reusable and adaptable profiles are shown. Then the requirement profiles are set in context with a development process. We show how to stepwise adjust the profile to the actual service needs at development stages where the budget and knowledge are available. Finally, experiences from real projects are presented.\",\"PeriodicalId\":254443,\"journal\":{\"name\":\"2011 Sixth International Conference on Availability, Reliability and Security\",\"volume\":\"180 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-08-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 Sixth International Conference on Availability, Reliability and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ARES.2011.81\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Sixth International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2011.81","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 10

摘要

服务的安全需求工程在实践中经常由非安全专家执行。对他们来说，安全需求及其依赖关系并不是直接知道的。为了缓解这种情况，本文建议使用面向业务的安全需求配置文件(例如VoIP、IP-TV…)，其中包含信息安全、隐私、欺诈/滥用、弹性和保证需求。给出了这种可重用和可适应的概要文件的标准和创建过程。然后在开发过程的上下文中设置需求概要文件。我们将展示如何在有预算和知识的开发阶段逐步调整概要文件以适应实际服务需求。最后，介绍了实际工程的经验。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Service Security Requirement Profiles for Telecom: How Software Engineers May Tackle Security

Security requirement engineering for services is in practice frequently performed by security non-experts. For them the security requirements and their dependencies are not directly known. To mitigate this, the paper suggests the usage of a business oriented security requirement profiles (e.g. VoIP, IP-TV...) containing information security, privacy, fraud/abuse, resilience and assurance requirements. The criteria and the creation process for such reusable and adaptable profiles are shown. Then the requirement profiles are set in context with a development process. We show how to stepwise adjust the profile to the actual service needs at development stages where the budget and knowledge are available. Finally, experiences from real projects are presented.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2011 Sixth International Conference on Availability, Reliability and Security

自引率

0.00%

发文量

期刊最新文献

Security Issues in a Synchronous e-Training Platform Deriving Current State RBAC Models from Event Logs Hidden Price of User Authentication: Cost Analysis and Stakeholder Motivation A Proposed Web Access Control System Request Policy Framework for Cooperation of DNS and a Web Browser Non-Parallelizable and Non-Interactive Client Puzzles from Modular Square Roots