Sale!
Placeholder

Remembering Security In Systems Design

10,000 3,000

Topic Description

 ALL listed project topics on our website are complete material from chapter 1-5 which are well supervised and approved by lecturers who are intellectual in their various fields of discipline, documented to assist you with complete, quality and well organized researched materials. which should be use as reference or Guild line...  See frequently asked questions and answeres



SUMMARY
How are security requirements included in systems and in which ways can they be included? This project sets out to look into and provide an insight to the best practice(s) for including security requirements in systems design. This has been achieved through extensive literary research to find a survey of practices to include security requirements, in which each method has been identified and analysed. The practices examined range from pre-design issues, such as the use of risk analysis and requirements capture to the use of actual practices for including security in systems design –all with a degree of practicality to the ‘real world’. It has been found that two main methods are considered important to the inclusion of security requirements. The first method particular analyses UMLsec as a security modelling technique for including security requirements. Although still under research UMLsec has the potential to become as popular as the industry standard of unified modelling language (UML) –from which UMLsec derives. The second practice investigates the use of role based access control (RBAC) as a security model that can be used for systems design. A number of other significant issues are also discussed including factors such as the relation of security to the type of system being modelled. This project concludes with a discussion of the findings of this survey, especially the use of UMLsec in systems design and its application to security. Some suggestions are also proposed and discussed, for example the application and potential of UMLsec in the ‘real world’.

CONTENTS
CHAPTER 1
Introduction
1
1.1 Project Aims
1
1.2 Motivations
1
1.3 Project Evaluation
2
1.3.1 Initial Work
2
1.3.2 Process of Literature Review
3
1.3.3 Project Evaluation
3
CHAPTER 2
Problems for Systems Designers
7
CHAPTER 3
Requirements and Issues of Pre-Design Stages
11
3.1 Functional Versus Non-Functional Requirements
11
3.2 Requirements Capture
13
3.1.1 Business Process Review (BPR)
13
3.1.2 Computer Security, Safety and Resilience (CSSR) Requirements And the Constraints Acquisition Tool (CAT)
14
3.3 Risk Analysis
16
3.4 Risk Analysis –Target Optimum Portfolio Management (TOPM)
18
3.5 Discussion of Risk Analysis
19
CHAPTER 4
Techniques for Including Security Requirements in Systems Design
21
4.1 Secure Unified Modelling Language (UMLsec) and Systems Design
21
4.2 Access Control and Systems Design
26
4.2.1 Role Based Access Control (RBAC)
26
4.2.2 Three Kinds of RBAC
27
4.2.3 Discussion of RBAC
29
4.3. Other Models of Access Control
31
4.3.1 Discretionary Access Control (DAC)
31
4.3.2 Mandatory Access Control (MAC)
32
4.3.3 Adapted Mandatory Access Control (AMAC)
33
III
4.3.4 Personal Knowledge Approach
33
4.3.5 Clark and Wilson Approach
34
4.3.6 Chinese Wall Policy
34
4.4 UMLsec and RBAC
34
CHAPTER 5
Issues for Incorporating Security into Systems Design
37
5.1 Security and the Systems Lifecycle
37
5.2 Security and the Type of System Being Modelled
40
CHAPTER 6
Suggestions for Including Security Requirements into Systems Design
43
6.1 Requirements Capture, Risk Analysis and Other Pre-Design Issues
43
6.2 Use of UMLsec for Including Security in Systems Design
44
6.3 Conclusions
45
6.4 Possible Future Work
46
REFERENCES
48
APPENDICES
51
APPENDIX A –Personal Reflection
51
APPENDIX B –Report Feedback Review
54
APPENDIX C –Project Management –Project Diary
57
APPENDIX D –Table Showing some Example Stereotypes (Jürjens, 2002)
60
APPENDIX E –Examples of UMLsec Diagrams
62
APPENDIX F –Diagrams of (IEEE/EIA 12207 version of the) Software Development Lifecycle and the Security Engineering Model (defined by Higginbottom et al., 1998, cited in Lee et al., 2002)

GET COMPLETE MATERIAL