Abstract
It is very difficult to make IT-systems secure as there are many different components and mechanisms involved such as operating systems, computer networks, and software engineering. Without a systematic methodology, security requirements are often retrofitted late in the design process or pursued separately from functional design. To fill this gap, this thesis presents guidelines for conceptual modeling of generic security aspects resulting into a so-called security engineering process which extends the software development process presented in [1]. The security engineering process will provide a rich set of expressive guidelines and functions, enforcing the integration of security aspects in early stages of the software development process. The basic building blocks of the process are high-level security requirements and mechanisms, which can be summarized in a so-called requirements/mechanisms matrix. The approach will be based on UML (Unified Modeling Language) which is a general-purpose, nonproprietary modeling language. UML includes all the concepts that are necessary to support a modern iterative software development process.
| Original language | English |
|---|---|
| Publication status | Published - 2004 |
Fields of science
- 102001 Artificial intelligence
- 102006 Computer supported cooperative work (CSCW)
- 102010 Database systems
- 102014 Information design
- 102015 Information systems
- 102016 IT security
- 102028 Knowledge engineering
- 102019 Machine learning
- 102022 Software development
- 102025 Distributed systems
- 502007 E-commerce
- 505002 Data protection
- 506002 E-government
- 509018 Knowledge management
- 202007 Computer integrated manufacturing (CIM)
- 102033 Data mining
- 102035 Data science
