Academic Journals Database
Disseminating quality controlled scientific knowledge

A Taxonomy of Software Security Requirements (Una Taxonomía de Requerimientos de Seguridad de Software).

Author(s): Marta E. Calderón C.

Journal: Avances en Sistemas e Informática
ISSN 1657-7663

Volume: 4
Issue: 3
Start page: 43
Date: 2007

Keywords: Security | Software Security | Security Requirements | Integrity | Availability | Confidentiality

ABSTRACT
Software security is a major concern of software engineers. Security requirements must be taken into account early in the software development process. The goal of this paper is to present a taxonomy of software security requirements. Such a taxonomy is useful because it serves as an educational tool, can be used as a checklist and as a guide to eliciting software security requirements, can help in creating a software security policy, and can guide early preventive decisions. It is generally accepted that security is the combination of three attributes: integrity, availability, and confidentiality. Non-repudiation is also an important software security property. The taxonomy is based on these four concepts and is a two-level hierarchy, in which the first-level categories are integrity requirements, availability requirements, confidentiality requirements, and non-repudiation requirements. We use this primary classification because software engineers and users can easily understand the concepts of availability, integrity, confidentiality, and non-repudiation and relate them to functional requirements. To apply the taxonomy, a four-step process is proposed: 1) identify functional requirements, 2) identify assets to be protected, 3) identify threats to the assets, and 4) define software security requirements. To show how to use the taxonomy, an electronic commerce application is used.