By Topic

Mutual Refinement of Security Requirements and Architecture Using Twin Peaks Model

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Okubo, T. ; Secure Comput. Dept., Fujitsu Labs. Ltd., Kawasaki, Japan ; Kaiya, H. ; Yoshioka, N.

It is difficult to sufficiently specify software security requirements because they depend on a software architecture that has not yet been designed. Although the Twin Peaks model is a reference model to elicit a sufficient amount of software requirements in conjunction with the architectural requirements, it is still unclear how the security requirements can be elicited while taking the architecture into consideration. We propose a novel method to elicit the security requirements with architecture elaboration based on the Twin Peaks model, which is called the Twin Peaks Model application for Security Analysis (TMP-SA). In our method, security countermeasures for attacks are elicited as the security requirements incrementally according to the refinement of the architecture. We can comprehensively explore the alternatives for the countermeasures (security requirements) and choose the most suitable one for each project because we can focus on the architecture-specific security issues as well as architecture-independent security issues. We have applied our method to several applications and discuss its advantages and limitations. We found that our method is suitable for iterative development, and it enables us to find threats caused by architectural issues that are severely difficult to find when analyzing only the requirements issues.

Published in:

Computer Software and Applications Conference Workshops (COMPSACW), 2012 IEEE 36th Annual

Date of Conference:

16-20 July 2012