, ) Model-based management of information system security risk, Presses universitaires de Namur, 2012.
, Security and trust requirements engineering (eds) Foundations of security analysis and design III, pp.237-272, 2005.
, Analyzing security requirements as relationships among strategic actors, Proceedings of the 2nd symposium on requirements engineering for information security, 2002.
, Analysing security requirements of information systems using tropos, 2006.
, Elaborating security requirements by construction of intentional anti-models, Proceedings. 26th International Conference on Software Engineering, pp.148-157, 2004.
DOI : 10.1109/ICSE.2004.1317437
, Eliciting security requirements with misuse cases, Requirements Engineering, vol.lies, issue.1, pp.34-44, 2005.
DOI : 10.1007/s00766-004-0194-4
, Security Use Cases., The Journal of Object Technology, vol.2, issue.3, pp.53-64, 2003.
DOI : 10.5381/jot.2003.2.3.c6
, SecureUML: A UML-Based Modeling Language for Model-Driven Security, UML ) 2002?The Unified Modeling Language, pp.426-441, 2002.
DOI : 10.1007/3-540-45800-X_33
, Using UMLsec and goal trees for secure systems development, Proceedings of the 2002 ACM symposium on Applied computing , SAC '02, pp.1026-1030, 2002.
DOI : 10.1145/508791.508990
, Specifying Reusable Security Requirements., The Journal of Object Technology, vol.3, issue.1, pp.61-75, 2004.
DOI : 10.5381/jot.2004.3.1.c6
, A reusebased approach to security requirements engineering. (Online) http://users.ece.utexas, 2014.
, Experimental threat model reuse with misuse case diagrams Information and communications security, pp.355-366, 2010.
, A Pattern System for Security Requirements Engineering, The Second International Conference on Availability, Reliability and Security (ARES'07), pp.356-365, 2007.
DOI : 10.1109/ARES.2007.12
, Component-based software engineering: putting the pieces together (paperback), 2001.
DOI : 10.1007/b136248
, Software reuse research: status and future, IEEE Transactions on Software Engineering, vol.31, issue.7, pp.529-536, 2005.
DOI : 10.1109/TSE.2005.85
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.75.635
, Ten steps towards systematic requirements reuse, Requirements Engineering, vol.20, issue.3, pp.102-113, 1997.
DOI : 10.1007/BF02813029
, Mastering the requirements process getting requirements right, 2013.
, Metamodeling for requirements reuse, pp.76-90, 2002.
, Integrated software reuse: management and techniques, 1993.
, A Portal for Software Security, IEEE Security and Privacy Magazine, vol.3, issue.4, pp.75-79, 2005.
DOI : 10.1109/MSP.2005.88
, Systematic mapping studies in software engineering, 12th international conference on evaluation and assessment in software engineering, 2008.
, Guidelines for performing systematic literature reviews in software engineering, 2007.
, Using mapping studies in software engineering, Proc PPIG, vol.8, pp.195-204, 2008.
, Using mapping studies as the basis for further research ??? A participant-observer case study, Information and Software Technology, vol.53, issue.6, pp.638-651, 2011.
DOI : 10.1016/j.infsof.2010.12.011
, Requirements engineering paper classification and evaluation criteria: a proposal and a discussion, Requirements Engineering, vol.39, issue.4, pp.102-107, 2006.
DOI : 10.1007/s00766-005-0021-6
URL : https://hal.archives-ouvertes.fr/hal-00706337
, A systematic approach to define the domain of information system security risk management Intentional perspectives on information systems engineering, pp.289-306, 2010.
, A comparison of security requirements engineering methods, Requirements Engineering, vol.4, issue.2, pp.7-40, 2010.
DOI : 10.1007/s00766-009-0092-x
, Security requirements engineering: state of the art and practice and challenges. http://www.cs.utoronto.ca/ *gelahi/Depth 29 Security patterns for agent systems, Proceedings of the eight european conference on pattern languages of programs (Euro- PLoP), 2003.
, Engineering requirements for system reliability and security Software system reliability and security, ser. NATO security through science series-D: information and communication security, pp.196-238, 2007.
, Attack patterns for security requirements engineering, 2006.
, Tropos: An Agent-Oriented Software Development Methodology, Autonomous Agents and Multi-Agent Systems, vol.8, issue.3, pp.203-236, 2004.
DOI : 10.1023/B:AGNT.0000018806.20944.ef
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.1.7049
, The tropos metamodel and its use, Informatica (Slovenia), vol.29, issue.4, pp.401-408, 2005.
, SECURE TROPOS: A SECURITY-ORIENTED EXTENSION OF THE TROPOS METHODOLOGY, International Journal of Software Engineering and Knowledge Engineering, vol.17, issue.02, pp.285-309, 2007.
DOI : 10.1142/S0218194007003240
, Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems, Proceedings of the 15th conference on advanced information systems engineering CAiSE, pp.63-78, 2003.
DOI : 10.1007/3-540-45017-3_7
, Trustworthy selection of cloud providers based on security and privacy requirements: justifying trust assumptions (eds) Trust, privacy, and security in digital business, pp.185-198, 2013.
, STS-Tool: using commitments to specify socio-technical security requirements Advances in conceptual modeling, pp.396-399, 2012.
, MODELING SECURE SYSTEMS USING AN AGENT-ORIENTED APPROACH AND SECURITY PATTERNS, International Journal of Software Engineering and Knowledge Engineering, vol.16, issue.03, pp.471-498, 2006.
DOI : 10.1142/S0218194006002823
, A pattern language: towns, buildings, construction, 1977.
, STtool: a CASE tool for security requirements engineering, Proceedings of 13th IEEE international conference on requirements engineering, pp.451-452, 2005.
, Effective Security Impact Analysis with Patterns for Software Enhancement, 2011 Sixth International Conference on Availability, Reliability and Security, pp.527-534, 2011.
DOI : 10.1109/ARES.2011.79
, Comyn-Wattiau I (2012) Ontologies for security requirements: a literature survey and classification. In: Advanced information systems engineering workshops lecture notes in business information processing, pp.61-69
, Strategies for developing policies and requirements for secure electronic commerce systems E-commerce security and privacy, In: Ghosh AK, pp.29-46, 2001.
, A framework for modeling privacy requirements in role engineering, international workshop on requirements engineering for software quality, pp.16-17, 2003.
, A requirements taxonomy for reducing web site privacy vulnerabilities, Requir Eng, vol.9, issue.3, pp.169-185, 2004.
, Requirements engineering for trust management: model, methodology, and reasoning, International Journal of Information Security, vol.9, issue.1, pp.257-274, 2006.
DOI : 10.1007/s10207-006-0005-7
URL : http://repository.tue.nl/650905
, Using a security requirements engineering methodology in practice: The compliance with the Italian data protection legislation, Computer Standards & Interfaces, vol.27, issue.5, 2004.
DOI : 10.1016/j.csi.2005.01.003
, Detecting conflicts between functional and security requirements with Secure Tropos: John Rusnak and the Allied Irish Bank Social modeling for requirements engineering, 2008.
, From Trust to Dependability through Risk Analysis, The Second International Conference on Availability, Reliability and Security (ARES'07), pp.19-26, 2007.
DOI : 10.1109/ARES.2007.93
, Risk modelling and reasoning in goal models, 2006.
, An ontology for secure socio-technical systems. Handbook of ontologies for business interaction, 2007.
, An approach to guide requirement elicitation by analysing the causes and consequences of threats, Inform Model Knowl. Bases XVI, vol.121, p.13, 2005.
, Using the RITA threats ontology to guide requirements elicitation: an empirical experiment in the banking sector In: Managing requirements knowledge, MARK'08. First International Workshop on, pp.11-15, 2008.
, Guiding goal modeling using scenarios, IEEE Transactions on Software Engineering, vol.24, issue.12, pp.1055-1071, 1998.
DOI : 10.1109/32.738339
URL : https://hal.archives-ouvertes.fr/hal-00673586
, Ontology-based support for security requirements specification process On the move to meaningful internet systems: OTM 2012 workshops, pp.194-206, 2012.
, Pattern-based security requirements specification using ontologies and boilerplates, 2012 Second IEEE International Workshop on Requirements Patterns (RePa), pp.2012-2012, 2012.
DOI : 10.1109/RePa.2012.6359973
, A knowledge-based approach to security requirements for e-health applications, 2006.
, Modelling reusable security requirements based on an ontology framework, J Res Pract Inf Technol, vol.41, issue.2, p.119, 2009.
, 3: Metodología de Análisis y Gestión de Riesgos de los Sistemas de Información. (Online), p.17, 2013.
, Requirements Reuse for Improving Information Systems Security: A Practitioner???s Approach, Requirements Engineering, vol.6, issue.4, pp.205-219, 2001.
DOI : 10.1007/PL00010360
, A Knowledge-oriented Approach to Security Requirements for an E-Voting System, International Journal of Computer Applications, vol.49, issue.11, pp.21-25, 2012.
DOI : 10.5120/7671-0953
, An Ontology Based Information Security Requirements Engineering Framework, Secure and trust computing, pp.139-146, 2011.
DOI : 10.1017/S135132490400347X
, Formalizing information security knowledge, Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, ASIACCS '09, pp.183-194, 2009.
DOI : 10.1145/1533057.1533084
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.205.9959
, Service Security Requirement Profiles for Telecom: How Software Engineers May Tackle Security, 2011 Sixth International Conference on Availability, Reliability and Security, pp.521-526, 2011.
DOI : 10.1109/ARES.2011.81
, Templates for misuse case description In: Proceedings of the 7th international workshop on requirements engineering, foundation for software quality, pp.4-5, 2001.
, Capturing security requirements through misuse cases, Norsk Informatikkonferanse, 2001.
DOI : 10.1007/s00766-004-0194-4
, Initial industrial experience of misuse cases in trade-off analysis, Proceedings IEEE Joint International Conference on Requirements Engineering, pp.61-68, 2002.
DOI : 10.1109/ICRE.2002.1048506
, A reuse-based approach to determining security requirements, Proceedings of 9th international workshop on requirements engineering: foundation for software quality, pp.3-16, 2003.
, Introducing abuse frames for analysing security requirements, Journal of Lightwave Technology, pp.3-371, 2003.
DOI : 10.1109/ICRE.2003.1232791
, Analysing security threats and vulnerabilities using abuse frames, 2003.
, Using abuse frames to bound the scope of security problems, 12th IEEE international requirements engineering conference, pp.354-355
, Problem frames: analysing and structuring software development problems, 2001.
, Security Requirements Elicitation Using Method Weaving and Common Criteria, pp.185-196, 2009.
DOI : 10.1007/11575801_34
, A framework to support selection of cloud providers based on security and privacy requirements, Journal of Systems and Software, vol.86, issue.9, pp.2276-2293, 2013.
DOI : 10.1016/j.jss.2013.03.011
, Security quality requirements engineering (SQUARE) methodology, Proceedings of the 2005 workshop on Software engineering for secure system building trustworthy applications, pp.1-7, 2005.
DOI : 10.1145/1083200.1083214
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.110.8758
, Incorporating security quality requirements engineering (SQUARE) into standard life-cycle models, 2008.
DOI : 10.1145/1083200.1083214
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.110.8758
, Security Requirements Engineering for Software Systems: Case Studies in Support of Software Engineering Education, 19th Conference on Software Engineering Education & Training (CSEET'06), pp.149-158, 2006.
DOI : 10.1109/CSEET.2006.30
, Recent development in information technology security evaluation-the need for evaluation criteria for multilateral security. In: Security and control of information technology in society, pp.113-128, 1993.
, Security requirements reusability and the SQUARE methodology, No. CMU/SEI-2010-TN-027, 2010.
, Security Requirements Variability for Software Product Lines, 2008 Third International Conference on Availability, Reliability and Security, pp.1413-1420, 2008.
DOI : 10.1109/ARES.2008.165
, Applying a security requirements engineering process Computer security?ESORICS, pp.192-206, 2006.
, A common criteria based security requirements engineering process for the development of secure information systems, Computer Standards & Interfaces, vol.29, issue.2, pp.244-253, 2007.
DOI : 10.1016/j.csi.2006.04.002
, The unified software development process, 1999.
, Modelling trust for system design using the i* strategic actors framework (eds) Trust in cyber-societies, pp.175-194, 2001.
, Security and privacy requirements analysis within a social setting, Journal of Lightwave Technology, pp.151-161, 2003.
DOI : 10.1109/ICRE.2003.1232746
, Design authorization systems using secureUML. In: Foundstone foundstone professional services, pp.2-16, 2005.
, Automated Verification of UMLsec Models for Security Requirements, UML 2004?The Unified Modeling Language, pp.412-425, 2004.
DOI : 10.1007/978-3-540-30187-5_26
, Model-Based Security Engineering of Distributed Information Systems Using UMLsec, 29th International Conference on Software Engineering (ICSE'07), pp.581-590, 2007.
DOI : 10.1109/ICSE.2007.55
, Approach for adaptive security monitor generation?secureChange, p.31, 2012.
, Structured semantics for the CORAS security risk modeling language In: Preproceedings of the 2nd international workshop on interoperability solutions on trust, security, policies and QoS for enhanced enterprise systems (IS-TSPQ'07), pp.79-92, 2007.
, The CORAS Tool, pp.339-346, 2011.
DOI : 10.1007/978-3-642-12323-8_18
, The CORAS Tool for Security Risk Analysis, pp.402-405, 2005.
DOI : 10.1007/11429760_30
, A Graphical Approach to Risk Identification, Motivated by Empirical Investigations, Proceedings of the 9th international conference on model driven engineering languages and systems, pp.574-588, 2006.
DOI : 10.1007/11880240_40
, Risk-based systems security engineering: stopping attacks with intention, IEEE Security and Privacy Magazine, vol.2, issue.6, pp.59-62, 2004.
DOI : 10.1109/MSP.2004.109
, Mission Oriented Risk and Design Analysis of Critical Information Systems, Military Operations Research, vol.10, issue.2, pp.19-38, 2005.
DOI : 10.5711/morj.10.2.19
, Risk-based Confidentiality Requirements Specification for Outsourced IT Systems, 2010 18th IEEE International Requirements Engineering Conference, pp.199-208, 2010.
DOI : 10.1109/RE.2010.30
, Security Requirements Engineering: A Framework for Representation and Analysis, IEEE Transactions on Software Engineering, vol.34, issue.1, pp.133-153, 2008.
DOI : 10.1109/TSE.2007.70754
, A framework for security requirements engineering, Proceedings of the 2006 international workshop on Software engineering for secure systems , SESS '06, pp.35-42, 2006.
DOI : 10.1145/1137627.1137634
, Securing the Skies: In Requirements We Trust, Computer, vol.42, issue.9, pp.46-54
DOI : 10.1109/MC.2009.299
, Multilateral security requirements analysis for preserving privacy in ubiquitous environments, Proceedings of the UKDU workshop, pp.51-64, 2006.
, Contextualizing security goals: a method for multilateral security requirements elicitation, In: Sicherheit, vol.6, pp.42-53, 2006.
, Comyn-Wattiau I (2015) A security ontology for security requirements elicitation, International symposium on engineering secure software and systems, 2015.
, Requirements Reuse: The State of the Practice, 2012 IEEE International Conference on Software Science, Technology and Engineering, pp.2012-2012, 2012.
DOI : 10.1109/SWSTE.2012.12
, A survey on security patterns, Progress in Informatics, vol.5, issue.5, pp.35-47, 2008.
DOI : 10.2201/NiiPi.2008.5.5
, Software engineering for security, Proceedings of the conference on The future of Software engineering , ICSE '00, pp.227-239, 2000.
DOI : 10.1145/336512.336559
, A systematic review of security requirements engineering, Computer Standards & Interfaces, vol.32, issue.4, pp.153-165, 2010.
DOI : 10.1016/j.csi.2010.01.006
, Survey and analysis on Security Requirements Engineering, Computers & Electrical Engineering, vol.38, issue.6, pp.1785-1797, 2012.
DOI : 10.1016/j.compeleceng.2012.08.008
, Security Requirements for the Rest of Us: A Survey, IEEE Software, vol.25, issue.1, pp.20-27, 2008.
DOI : 10.1109/MS.2008.19
, Security requirements engineering: state of the art and practice and challenges, 2009.
, Cloud computing security requirements: A systematic review, 2012 Sixth International Conference on Research Challenges in Information Science (RCIS), pp.1-7, 2012.
DOI : 10.1109/RCIS.2012.6240421
, information systems security design methods: implications for information systems development, ACM Comput Surv (CSUR), vol.25, issue.4, pp.375-414, 1993.