Abstract
Security requirements are a fundamental ingredient for an information system's quality. Despite their importance, security requirements play the role of a “stepchild” in software engineering. If considered at all they cover the technical dimension of information systems, i.e. the electronic part of information processing. This view is insufficient to deal with the requirements of the “real world”, i.e. the organisational practice. It is not just the technical criteria which are decisive in specifying security requirements. We have extended these criteria to incorporate the social and the economic dimension of information exchange in organisations. We will illustrate this extension of traditional approaches in a comprehensive security framework and we will demonstrate the interaction of the additional security criteria with traditional approaches.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
D.E. Bell, L.J. La Padula, Secure Computer Systems: Unified Exposition and Multics Interpretation. EDS-TR-75-30, The MITRE Corp., Bedford, March 1976.
K.J. Biba, Integrity Considerations for Secure Computer Systems. TR-3153, The MITRE Corp., Bedford, 1977.
W.J. Clancey, Situated Action: A Neuropsychological Interpretation. Cognitive Science, vol. 17, no. 1, 1993.
D. Clark, D. Wilson, A Comparision of Commercial and Military Security Policies. Proceedings of the IEEE Symposium on Security and Privacy, 1987.
Department of Defense, TCSEC — Trusted Computer System Evaluation Criteria. DoD 5200.28-STD, Department of Defense, USA, December 1985.
W.E. Deming, Out of the Crisis. Cambridge, MIT Center for Advanced Engineering, 1986.
ECMA, Security in Open Systems — A Security Framework. 46, European Computer Manufacturers Association (ECMA), 1988.
ECMA, Standard ECMA-138 — Security in Open Systems — Data Elements and Service Definitions. Standard ECMA-138, European Computer Manufacturers Association (ECMA), 1989.
A. Finkelstein, J. Kramer, B. Nuseibeh et al., Viewpoints: A Framework for Integration Multiple Perspectives in System Development. International Journal of Software Engineering and Knowledge Engineering, vol. 1, no. 2, 1992, pp. 31–58.
N.E. Fuchs, Software Development Based on Executable Specifications. SNF 21-32746.91, Institute for Informatics, University of Zurich, 1993.
R. Grimm, A Model of Security in Open Telecooperation. In: G.Neufeld, B. Plattner (eds.). Proceedings of the IFIP TC6/WG 6.5 International Conference on Upper Layer Protocols, Architectures and Applications, Vancouver, Canada, 27–29 May, 1992.
R. Grimm, A. Steinacker, Das Kooperations-und das Gleichgewichtsmodell —Theorie und Praxis. VIS 93: Verlässliche Informationssysteme — GI-Fachtagung, München, Springer, 1993.
R. Hirschheim, H.K. Klein, M. Newman, Information Systems Development as Social Action: Theoretical Perspective and Practice. OMEGA International Journal of Management Science, vol. 19, no. 6, 1991, pp. 587–608.
H.F. Hofmann, Requirements Engineering: A Survey of Methods and Tools. TR 93.05, Institute for Informatics, University of Zurich, 1993.
H.F. Hofmann, R. Pfeifer, E. Vinkhuyzen, Situated Software Design. In: Proceedings of the Fifth International Conference on Software Engineering and Knowledge Engineering San Francisco, Knowledge Systems Institute, 1993, pp. 622–628.
R. Holbein, Informationssicherheit — Ein Blick über den Tellerrand der (Informations-) Technologie. European Conference on Computer Science, Communication and Society: A Technical and Cultural Challenge, Neuchatel, Schweiz, 1993, pp. 161–172.
R. Holbein, Secure Information Exchange in Organisations. OBS-Report, University of Zurich, 1994.
M. Imai, Kaizen: The Key to Japan's Competitive Success. New York, Random House, 1986.
ISO, ISO: Security Frameworks Overview. International Organisation for Standardization, 1991.
ISO, WD 10746-1: Reference Model for Open Distributed Processing ODP Part 1: Overview. WD 10746-1, International Organisation for Standardization ISO, 1992.
J.I. Jones, M. Sergot, Formal Specification of Security Requirements using the Theory of Normative Positions. Computer Security — ESORICS 92, Toulouse, France, 1992, pp. 103–121.
D. Jonscher, K.R. Dittrich, A Formal Security Model Based on an Object-Oriented Data Model. TR 93.41, University of Zurich, Institute for Informatics, 1993.
F. Lehner, H.F. Hofmann, R. Setzer et al., Maintenance of Knowledge Bases. Fourth International Conference on Database and Expert Systems Applications, Prag, Springer, 1993, pp. 436–447.
A. Newell, The Knowledge Level. AI Magazine, vol. 2, no. 2, 1981, pp. 1–20.
D.B. Parker, Neuformulierung der Grundlagen der Informationssicherheit. Datenschutz und Datensicherung, no. 11, 1991.
J.G. Steiner, C. Newman, J.I. Schiller, Kerberos, An Authentication Service for Open Network Systems. Winter USENIX Conference, Dallas, 1988.
G. Steinke, M. Jarke, Support for Security Modeling in Information Systems Design. Database Security, VI: Status and Prospects (A-21), Elsevier Science Publisher, 1993, pp. 125–141.
R. Strens, J. Dobson, How Responsiblity Modeling Leads To Security Requirements. Department of Computer Science, University of Newcastle, 1993.
S. Teufel, Offene Bürokommunikation — Sicherheitsmanagement im inner-und zwischenbetrieblichen Informationsaustausch (OBS). NFP/SPP 5003-34271, Institute for Informatics, University of Zurich, 1993.
T.C. Ting, S. Demurjian, M.-Y. Hu, Requirements, Capabilities, and Functionalities of User-Role Based Security for an Object-Oriented Design Model. Database Security, vol. 5, 1992.
T.C. Ting, S.A. Demurjian, M.-Y. Hu, A Specification Methodology for User-Role Based Security in an Object-Oriented Design Model. Sixth Working Conference on Database Security, Burnaby, IFIP WG 11.3, 1992, pp. 351–378.
T. Winograd, F. Flores, Understanding Computers and Cognition. New York, Ablex, 1986.
John A. Wise, V. David Hopkin, Paul Stager (eds.), Verification and Validation of Complex Systems: Human Factors Issues. Berlin, Springer, 1993.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1994 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hofmann, H.F., Holbein, R. (1994). Reaching out for quality: Considering security requirements in the design of information systems. In: Wijers, G., Brinkkemper, S., Wasserman, T. (eds) Advanced Information Systems Engineering. CAiSE 1994. Lecture Notes in Computer Science, vol 811. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-58113-8_165
Download citation
DOI: https://doi.org/10.1007/3-540-58113-8_165
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-58113-0
Online ISBN: 978-3-540-48459-2
eBook Packages: Springer Book Archive