Redefining security engineering

By C. Rudolph and A. Fuchs

Abstract

For a long time, security was not a focus of software engineering and system engineering processes. Only quite recently has the situation changed, and security issues are now increasingly integrated into concrete steps of the development process. Various approaches exist for the elicitation of security requirements, for threat modeling, for risk analysis, or for security testing. These different approaches are increasingly adapted for practical use and are becoming integrated parts of software development life-cycles. Nevertheless, they only support isolated steps in the process (e.g. security of code) or concentrate on particular types of requirements (e.g. for access control). The long-term goal for security engineering should be to establish processes that support all steps of the engineering process in an integrated way and that co-ordinate the contributions of the different roles in this process. This paper identifies the different tasks of security engineering and discusses which parts of these tasks can be realised using existing approaches. Further, three embedded scenarios are used to identify some concrete requirements for a security engineering process. This discussion shall show the scope of future research and developments in the area of security engineering and motivate inter-disciplinary approaches to establish security engineering as a research discipline.

Year: 2012
DOI identifier: 10.1109/NTMS.2012.6208773
OAI identifier: oai:fraunhofer.de:N-226200
Provided by: Fraunhofer-ePrints