Sistema Nacional de Bibliotecas - Institutional Repository, Universidad Nacional de Colombia

A taxonomy of software security requirements

CALDERÓN C., MARTA E. (2009) A taxonomy of software security requirements. Avances en Sistemas e Informática; Vol. 4, No. 3 (2007). 1909-0056 1657-7663.

Official URL: http://revistas.unal.edu.co/index.php/avances/arti...

Abstract

Software security is a major concern of software engineers. Security requirements must be taken into account early in the software development process. The goal of this paper is to present a taxonomy of software security requirements. Such a taxonomy is useful because it serves as an educational tool, can be used as a checklist and as a guide to eliciting software security requirements, can help in creating a software security policy, and can guide early preventive decisions. It is generally accepted that security is the combination of three attributes: integrity, availability, and confidentiality. Non-repudiation is also an important software security property. The taxonomy is based on these four concepts and is a two-level hierarchy, in which the first-level categories are integrity requirements, availability requirements, confidentiality requirements and non-repudiation requirements. We use this primary classification because software engineers and users can easily understand the concepts of availability, integrity, confidentiality, and non-repudiation and relate them to functional requirements. To apply the taxonomy, a four-step process is proposed: 1) identify functional requirements, 2) identify assets to be protected, 3) identify threats to the assets, and 4) define software security requirements. To show how to use the taxonomy, an electronic commerce application is used.

Document type: Article
Additional information: Copyright reserved
Keywords: Security, Software Security, Security Requirements, Integrity, Availability, Confidentiality.
Administrative unit: Revistas electrónicas UN > Avances en Sistemas e Informática
ID code: 15318
Submitted by: Dirección Nacional de Bibliotecas STECNICO
Submitted on: 24 June 2014 19:16
Last modified: 19 August 2014 02:39