Security functional requirements analysis for developing secure software.
Record Type: Language materials, printed : Monograph/item
Title/Author: Security functional requirements analysis for developing secure software.
Author: Wu, Dan.
Description: 125 p.
Notes: Adviser: Barry Boehm.
Contained By: Dissertation Abstracts International 68-05B.
Subject: Computer Science.
Online resource: http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3262759
ISBN: 9780549007654
LDR 03599nam 2200289 a 45
001 940985
005 20110518
008 110518s2007 ||||||||||||||||| ||eng d
020 $a 9780549007654
035 $a (UMI)AAI3262759
035 $a AAI3262759
040 $a UMI $c UMI
100 1 $a Wu, Dan. $3 855562
245 1 0 $a Security functional requirements analysis for developing secure software.
300 $a 125 p.
500 $a Adviser: Barry Boehm.
500 $a Source: Dissertation Abstracts International, Volume: 68-05, Section: B, page: 3174.
502 $a Thesis (Ph.D.)--University of Southern California, 2007.
520 $a Research experience shows that security needs to be considered from the beginning of the software development life cycle to avoid expensive rework and reduce potential security vulnerabilities. Hence, defining the right set of security functional requirements (SFRs) and evaluated assurance level (EAL) becomes a critical task for developers when developing secure software. Much effort has been put into creating industry standards to provide a shared common base for stakeholders with security concerns. One of these industry standards, widely used by both industry and government in many countries, is Common Criteria (CC). However, one of the drawbacks of Common Criteria is its inefficiency of use. Moreover, with limited project information in the early lifecycle phase, it is hard for developers with less security experience to select the right security requirements from those defined in CC. Extensions to it and experience from empirical studies of its use are needed to achieve a better and more efficient use of CC, which also benefits developers by saving them effort on defining security functional requirements.
520 $a A thorough analysis has been done on a dataset consisting of the Security Target (ST) files of 242 security products published on the Common Criteria portal website. A mapping between security objectives and SFRs is presented, which can save much development effort by reducing the range of candidate SFRs when developers know the project's security objectives in the early phases. For cases where developers know only the product domain of the project, SFR patterns for nine different domains of security products are presented, based on statistical results from the 242 published security products; these can be customized or used directly for a particular security application. The analysis of correlations among the SFR classes defined in CC and of correlations among security objectives provides good guidance for developers in designing the architecture of security products. A trend shows that EAL tends to increase when the number of SFRs increases. It is not strongly proved by the current dataset, but it shows a research direction for further discussion and exploration in the future.
520 $a To validate the correctness of the mapping scheme between security objectives and SFRs, each of the ST files is reviewed to identify the consistencies and differences between the presented mapping scheme and the SFRs actually selected in the 242 security products with certain security objectives. A method is presented to evaluate the effectiveness of these security patterns, which developers can use as a factor when considering whether to apply the patterns in practice.
590 $a School code: 0208.
650 4 $a Computer Science. $3 626642
690 $a 0984
710 2 $a University of Southern California. $b Computer Science. $3 1023331
773 0 $t Dissertation Abstracts International $g 68-05B.
790 $a 0208
790 1 0 $a Boehm, Barry, $e advisor
791 $a Ph.D.
792 $a 2007
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3262759
Items
Inventory Number: W9110959
Location Name: Electronic resources
Item Class: 11. Online viewing_V
Material type: E-book
Call number: EB W9110959
Usage Class: General use (Normal)
Loan Status: On shelf
No. of reservations: 0