A taxonomy of software security requirements

Software security is a major concern of software engineers. Security requirements must be taken into account early in the software development process. The goal of this paper is to present a taxonomy of software security requirements. Such a taxonomy is useful because it serves as an educational too...


Authors:
Calderón C., Marta E.
Resource type:
Journal article
Publication date:
2007
Institution:
Universidad Nacional de Colombia
Repository:
Universidad Nacional de Colombia
Language:
spa
OAI Identifier:
oai:repositorio.unal.edu.co:unal/24281
Online access:
https://repositorio.unal.edu.co/handle/unal/24281
http://bdigital.unal.edu.co/15318/
Keywords:
Security
Software Security
Security Requirements
Integrity
Availability
Confidentiality
Rights
openAccess
License
Attribution-NonCommercial 4.0 International
Description:
Software security is a major concern of software engineers. Security requirements must be taken into account early in the software development process. The goal of this paper is to present a taxonomy of software security requirements. Such a taxonomy is useful because it serves as an educational tool, can be used as a checklist and as a guide to eliciting software security requirements, can help in creating a software security policy, and can guide early preventive decisions. It is generally accepted that security is the combination of three attributes: integrity, availability, and confidentiality. Non-repudiation is also an important software security property. The taxonomy is based on the four concepts and is a two-level hierarchy, in which the first-level categories are integrity requirements, availability requirements, confidentiality requirements and non-repudiation requirements. We use this primary classification because software engineers and users can easily understand the concepts of availability, integrity, confidentiality, and non-repudiation and relate them to functional requirements. To apply the taxonomy, a four-step process is proposed: 1) identify functional requirements, 2) identify assets to be protected, 3) identify threats to the assets, and 4) define software security requirements. To show how to use the taxonomy, an electronic commerce application is used.
Journal:
Avances en Sistemas e Informática; Vol. 4, No. 3 (2007) 1909-0056 1657-7663
Journal article URL:
http://revistas.unal.edu.co/index.php/avances/article/view/9923
Citation:
Calderón C., Marta E. (2007) A taxonomy of software security requirements. Avances en Sistemas e Informática; Vol. 4, No. 3 (2007) 1909-0056 1657-7663.
Publisher:
Universidad Nacional de Colombia - Sede Medellín