首页> 外文学位 >文献详情
【24h】

SURE: Secure and usable requirements engineering.

机译:确保:安全和可用的需求工程。

获取原文
获取原文并翻译 | 示例

摘要

Software security is increasingly important as technology and systems continue to evolve; however, it is too often addressed as an after thought in too many development efforts. While various approaches for security requirements engineering exist, many still lack in usability, usefulness, and understandability. Prior research has determined the need for a new approach that supports the specification of usable specification by a variety of stakeholders. We describe a new technique to engineering security requirements called SURE, Secure and Usable Requirements Engineering. This new approach supports non-security experts in specifying usable, useful, and understandable security requirements. To our knowledge, SURE is one of the few, if not the only, security requirements engineering approaches that enables the usefulness of security specifications past the requirements stage. Our approach supports the mapping of testing artifacts from the specified security requirements. In addition, we detail ASSURE, Automated Support for Secure and Usable Requirements Engineering, a system that implements SURE. ASSURE is an online collaborative environment that enables the specification of security requirements and their mapping into testing artifacts while providing user and project management support. In addition, we describe results from extensive usability and comparative studies of SURE and ASSURE. The usability studies evaluated the support for specifying security requirements, mapping testing artifacts, and dynamically updating artifacts. The comparative studies evaluated SURE specifications against existing specifications from one of our industrial partners as well as existing approaches. All of our studies showed very positive results. We conclude the dissertation with future directions and applications of the described research.
机译:随着技术和系统的不断发展,软件安全性变得越来越重要。然而,在太多的开发工作中,它常常被作为事后思考。尽管存在各种用于安全需求工程的方法,但许多方法仍缺乏可用性,有用性和可理解性。先前的研究确定了对支持各种利益相关者对可用规范进行规范的新方法的需求。我们描述了一种用于工程安全需求的新技术,称为安全,安全和可用需求工程。这种新方法支持非安全专家指定可用,有用和可理解的安全要求。据我们所知,SURE是为数不多的(即使不是唯一的)安全需求工程方法之一,可以使安全规范在需求阶段结束后变得有用。我们的方法支持根据指定的安全要求映射测试工件。此外,我们还详细介绍了ASSURE,它是实现SURE的系统,可自动支持安全和可用需求工程。 ASSURE是一个在线协作环境,可在指定用户要求和项目管理支持的同时,指定安全要求并将其映射到测试工件。另外,我们描述了广泛的可用性以及SURE和ASSURE的比较研究的结果。可用性研究评估了对指定安全要求,映射测试工件以及动态更新工件的支持。比较研究将SURE规范与我们的行业合作伙伴之一的现有规范以及现有方法进行了评估。我们所有的研究都显示出非常积极的结果。最后,对本文的研究进行了展望和展望。

著录项

  • 作者单位

    University of California, Irvine.;

  • 授予单位 University of California, Irvine.;
  • 学科 Computer Science.
  • 学位 Ph.D.
  • 年度 2010
  • 页码 214 p.
  • 总页数 214
  • 原文格式 PDF
  • 正文语种 eng
  • 中图分类
  • 关键词

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

联系方式:18141920177 (微信同号)

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有
  • 客服微信

  • 服务号