Security requirements for tolerating security failures

Michael Shin; Don Pathirage

doi:10.18293/SEKE2017-098

Security requirements for tolerating security failures

Michael Shin, Don Pathirage

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

5 Scopus citations

Abstract

This paper describes security failure-Tolerant requirements, which tolerate the failures of security services that protect applications from security attacks. A security service, such as authentication, confidentiality or integrity security service, can be always broken down as advanced attack skills are coined. There is no security service that is forever secure. This paper describes an approach to developing the security failure-Tolerant use case that specifies the security requirements for tolerating the breaches of security services. A security failure-Tolerant use case is modeled along with application use case and security use case, and specified with application use case description. Threats to applications are identified and modeled to develop security failure-Tolerant requirements. Online shopping system is used for illustrating security failure-Tolerant requirements.

Original language	English
Title of host publication	Proceedings - SEKE 2017
Subtitle of host publication	29th International Conference on Software Engineering and Knowledge Engineering
Publisher	Knowledge Systems Institute Graduate School
Pages	487-490
Number of pages	4
ISBN (Electronic)	1891706411
DOIs	https://doi.org/10.18293/SEKE2017-098
State	Published - 2017
Event	29th International Conference on Software Engineering and Knowledge Engineering, SEKE 2017 - Pittsburgh, United States Duration: Jul 5 2017 → Jul 7 2017

Publication series

Name	Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE
ISSN (Print)	2325-9000
ISSN (Electronic)	2325-9086

Conference

Conference	29th International Conference on Software Engineering and Knowledge Engineering, SEKE 2017
Country/Territory	United States
City	Pittsburgh
Period	07/5/17 → 07/7/17

Keywords

Application use case
Security failure-Tolerant use case
Security requirements
Security use case

Access to Document

10.18293/SEKE2017-098

Cite this

Shin, M., & Pathirage, D. (2017). Security requirements for tolerating security failures. In Proceedings - SEKE 2017: 29th International Conference on Software Engineering and Knowledge Engineering (pp. 487-490). (Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE). Knowledge Systems Institute Graduate School. https://doi.org/10.18293/SEKE2017-098

@inproceedings{fda65cd3e6ec4805aaf542aa171cebd1,

title = "Security requirements for tolerating security failures",

abstract = "This paper describes security failure-Tolerant requirements, which tolerate the failures of security services that protect applications from security attacks. A security service, such as authentication, confidentiality or integrity security service, can be always broken down as advanced attack skills are coined. There is no security service that is forever secure. This paper describes an approach to developing the security failure-Tolerant use case that specifies the security requirements for tolerating the breaches of security services. A security failure-Tolerant use case is modeled along with application use case and security use case, and specified with application use case description. Threats to applications are identified and modeled to develop security failure-Tolerant requirements. Online shopping system is used for illustrating security failure-Tolerant requirements.",

keywords = "Application use case, Security failure-Tolerant use case, Security requirements, Security use case",

author = "Michael Shin and Don Pathirage",

year = "2017",

doi = "10.18293/SEKE2017-098",

language = "English",

series = "Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE",

publisher = "Knowledge Systems Institute Graduate School",

pages = "487--490",

booktitle = "Proceedings - SEKE 2017",

note = "29th International Conference on Software Engineering and Knowledge Engineering, SEKE 2017 ; Conference date: 05-07-2017 Through 07-07-2017",

}

Shin, M & Pathirage, D 2017, Security requirements for tolerating security failures. in Proceedings - SEKE 2017: 29th International Conference on Software Engineering and Knowledge Engineering. Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE, Knowledge Systems Institute Graduate School, pp. 487-490, 29th International Conference on Software Engineering and Knowledge Engineering, SEKE 2017, Pittsburgh, United States, 07/5/17. https://doi.org/10.18293/SEKE2017-098

Security requirements for tolerating security failures. / Shin, Michael; Pathirage, Don.
Proceedings - SEKE 2017: 29th International Conference on Software Engineering and Knowledge Engineering. Knowledge Systems Institute Graduate School, 2017. p. 487-490 (Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Security requirements for tolerating security failures

AU - Shin, Michael

AU - Pathirage, Don

PY - 2017

Y1 - 2017

N2 - This paper describes security failure-Tolerant requirements, which tolerate the failures of security services that protect applications from security attacks. A security service, such as authentication, confidentiality or integrity security service, can be always broken down as advanced attack skills are coined. There is no security service that is forever secure. This paper describes an approach to developing the security failure-Tolerant use case that specifies the security requirements for tolerating the breaches of security services. A security failure-Tolerant use case is modeled along with application use case and security use case, and specified with application use case description. Threats to applications are identified and modeled to develop security failure-Tolerant requirements. Online shopping system is used for illustrating security failure-Tolerant requirements.

AB - This paper describes security failure-Tolerant requirements, which tolerate the failures of security services that protect applications from security attacks. A security service, such as authentication, confidentiality or integrity security service, can be always broken down as advanced attack skills are coined. There is no security service that is forever secure. This paper describes an approach to developing the security failure-Tolerant use case that specifies the security requirements for tolerating the breaches of security services. A security failure-Tolerant use case is modeled along with application use case and security use case, and specified with application use case description. Threats to applications are identified and modeled to develop security failure-Tolerant requirements. Online shopping system is used for illustrating security failure-Tolerant requirements.

KW - Application use case

KW - Security failure-Tolerant use case

KW - Security requirements

KW - Security use case

UR - http://www.scopus.com/inward/record.url?scp=85029505909&partnerID=8YFLogxK

U2 - 10.18293/SEKE2017-098

DO - 10.18293/SEKE2017-098

M3 - Conference contribution

AN - SCOPUS:85029505909

T3 - Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE

SP - 487

EP - 490

BT - Proceedings - SEKE 2017

PB - Knowledge Systems Institute Graduate School

T2 - 29th International Conference on Software Engineering and Knowledge Engineering, SEKE 2017

Y2 - 5 July 2017 through 7 July 2017

ER -

Shin M, Pathirage D. Security requirements for tolerating security failures. In Proceedings - SEKE 2017: 29th International Conference on Software Engineering and Knowledge Engineering. Knowledge Systems Institute Graduate School. 2017. p. 487-490. (Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE). doi: 10.18293/SEKE2017-098

Security requirements for tolerating security failures

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this