Eliciting Security Requirements and Tracing Them to Design: An Integration of Common Criteria, Heuristics, and UMLsec

Executive Summary

Building secure systems is difficult for many reasons. This paper deals with two of the main challenges: the lack of security expertise in development teams, and the inadequacy of existing methodologies to support developers who are not security experts. The security standard ISO 14508 (Common Criteria), together with secure design techniques such as UMLsec, can provide the security expertise, knowledge, and guidelines that are needed. However, security expertise and guidelines are not stated explicitly in the Common Criteria. Rather, they are phrased in security-domain terminology and are difficult for developers to understand. This means that some general security and secure design expertise is required to take full advantage of the Common Criteria and UMLsec.

  • Format: PDF
  • Size: 593.6 KB