author = {Siv Hilde Houmb and Shareeful Islam and Eric Knauss and Jan Jürjens
	and Kurt Schneider},
  title = {{E}liciting {S}ecurity {R}equirements and {T}racing them to {D}esign:
	{A}n {I}ntegration of {C}ommon {C}riteria, {H}euristics, and {UML}sec},
  journal = {{R}equirements {E}ngineering},
  year = {2010},
  volume = {15},
  pages = {63-93},
  number = {1},
  month = {March},
  abstract = {Building secure systems is difficult for many reasons. This paper
	deals with two of the main challenges: (i) the lack of security expertise
	in development teams and (ii) the inadequacy of existing methodologies
	to support developers who are not security experts. The security
	standard ISO 14508 Common Criteria (CC) together with secure design
	techniques such as UMLsec can provide the security expertise, knowledge,
	and guidelines that are needed. However, security expertise and guidelines
	are not stated explicitly in the CC. They are rather phrased in security
	domain terminology and difficult to understand for developers. This
	means that some general security and secure design expertise are
	required to fully take advantage of the CC and UMLsec. In addition,
	there is the problem of tracing security requirements and objectives
	into solution design, which is needed for proof of requirements fulfilment.
	This paper describes a security requirements engineering methodology
	called SecReq. SecReq combines three techniques: the CC, the heuristic
	requirements editor HeRA, and UMLsec. SecReq makes systematic use
	of the security engineering knowledge contained in the CC and UMLsec,
	as well as security-related heuristics in the HeRA tool. The integrated
	SecReq method supports early detection of security-related issues
	(HeRA), their systematic refinement guided by the CC, and the ability
	to trace security requirements into UML design models. A feedback
	loop helps reusing experience within SecReq and turns the approach
	into an iterative process for the secure system life-cycle, also
	in the presence of system evolution.},
  doi = {10.1007/s00766-009-0093-9},
  url = {}