Published

2007-09-01

A TAXONOMY OF SOFTWARE SECURITY REQUIREMENTS

Keywords:

Security, Software Security, Security Requirements, Integrity, Availability, Confidentiality. (es)

Authors

  • MARTA E. CALDERÓN C. MSc. Escuela de Ciencias de la Computación e Informática, Universidad de Costa Rica
Software security is a major concern of software engineer s. Security requirements must be taken in account early in the software development process. The goal of this paper is to present a taxonomy of software security requirements. Such a taxonomy is useful because it servers as an educational tool, can be used as a check list and as a guide to eliciting software security requirements, can help to creating a software security policy, and can guide to taking early preventive decisions. It is generally accepted that security is the combination of three attributes: integrity, availability, and confidentiality. Non-repudiation is also an important software security property. The taxonomy is based on the four concepts and is a two-level hierarchy, in which the first level categories are integrity requirements, availability requirements, confidentiality requirements and non-repudiation requirements. We use this primary classification because software engineers and user s can easily under stand the concepts of availability, integrity, confidentiality, and non-repudiation and r elate them to functional requirements. To apply the taxonomy, a four step process is proposed: 1) identify functional requirements, 2)identify assets to be protected, 3) identify threats to the assets, and 4) define software security requirements. To show how to use the taxonomy, an electronic commerce application is used.

How to Cite

APA

CALDERÓN C., M. E. (2007). A TAXONOMY OF SOFTWARE SECURITY REQUIREMENTS. Avances en Sistemas e Informática, 4(3). https://revistas.unal.edu.co/index.php/avances/article/view/9923

ACM

[1]
CALDERÓN C., M.E. 2007. A TAXONOMY OF SOFTWARE SECURITY REQUIREMENTS. Avances en Sistemas e Informática. 4, 3 (Sep. 2007).

ACS

(1)
CALDERÓN C., M. E. A TAXONOMY OF SOFTWARE SECURITY REQUIREMENTS. ava. sis. inf 2007, 4.

ABNT

CALDERÓN C., M. E. A TAXONOMY OF SOFTWARE SECURITY REQUIREMENTS. Avances en Sistemas e Informática, [S. l.], v. 4, n. 3, 2007. Disponível em: https://revistas.unal.edu.co/index.php/avances/article/view/9923. Acesso em: 26 feb. 2025.

Chicago

CALDERÓN C., MARTA E. 2007. “A TAXONOMY OF SOFTWARE SECURITY REQUIREMENTS”. Avances En Sistemas E Informática 4 (3). https://revistas.unal.edu.co/index.php/avances/article/view/9923.

Harvard

CALDERÓN C., M. E. (2007) “A TAXONOMY OF SOFTWARE SECURITY REQUIREMENTS”, Avances en Sistemas e Informática, 4(3). Available at: https://revistas.unal.edu.co/index.php/avances/article/view/9923 (Accessed: 26 February 2025).

IEEE

[1]
M. E. CALDERÓN C., “A TAXONOMY OF SOFTWARE SECURITY REQUIREMENTS”, ava. sis. inf, vol. 4, no. 3, Sep. 2007.

MLA

CALDERÓN C., M. E. “A TAXONOMY OF SOFTWARE SECURITY REQUIREMENTS”. Avances en Sistemas e Informática, vol. 4, no. 3, Sept. 2007, https://revistas.unal.edu.co/index.php/avances/article/view/9923.

Turabian

CALDERÓN C., MARTA E. “A TAXONOMY OF SOFTWARE SECURITY REQUIREMENTS”. Avances en Sistemas e Informática 4, no. 3 (September 1, 2007). Accessed February 26, 2025. https://revistas.unal.edu.co/index.php/avances/article/view/9923.

Vancouver

1.
CALDERÓN C. ME. A TAXONOMY OF SOFTWARE SECURITY REQUIREMENTS. ava. sis. inf [Internet]. 2007 Sep. 1 [cited 2025 Feb. 26];4(3). Available from: https://revistas.unal.edu.co/index.php/avances/article/view/9923

Download Citation

Article abstract page views

376

Downloads