{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,6]],"date-time":"2026-03-06T18:58:13Z","timestamp":1772823493082,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":32,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642387081","type":"print"},{"value":"9783642387098","type":"electronic"}],"license":[{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-10975-6_6","type":"book-chapter","created":{"date-parts":[[2014,9,3]],"date-time":"2014-09-03T12:26:14Z","timestamp":1409747174000},"page":"79-93","source":"Crossref","is-referenced-by-count":12,"title":["A Review of Security Requirements Engineering Methods with Respect to Risk Analysis and Model-Driven Engineering"],"prefix":"10.1007","author":[{"given":"Denisse","family":"Mu\u00f1ante","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Vanea","family":"Chiprianov","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Laurent","family":"Gallon","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Philippe","family":"Aniort\u00e9","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"6_CR1","unstructured":"Anderson, R.: Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley and Sons (2001)"},{"key":"6_CR2","doi-asserted-by":"crossref","unstructured":"Karpati, P., Sindre, G., Opdahl, A.L.: Characterising and analysing security requirements modelling initiatives. In: Proceedings of the International Conference on Availability, Reliability and Security (ARES), pp. 710\u2013715. IEEE Computer Society (2011)","DOI":"10.1109\/ARES.2011.113"},{"issue":"1","key":"6_CR3","doi-asserted-by":"publisher","first-page":"7","DOI":"10.1007\/s00766-009-0092-x","volume":"15","author":"B. Fabian","year":"2010","unstructured":"Fabian, B., G\u00fcrses, S., Heisel, M., Santen, T., Schmidt, H.: A comparison of security requirements engineering methods. Requir. Eng.\u00a015(1), 7\u201340 (2010)","journal-title":"Requir. Eng."},{"issue":"4","key":"6_CR4","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1016\/j.csi.2010.01.006","volume":"32","author":"D. Mellado","year":"2010","unstructured":"Mellado, D., Blanco, C., S\u00e1nchez, L.E., Fern\u00e1ndez-Medina, E.: A systematic review of security requirements engineering. Computer Standards & Interfaces\u00a032(4), 153\u2013165 (2010)","journal-title":"Computer Standards & Interfaces"},{"issue":"6","key":"6_CR5","doi-asserted-by":"publisher","first-page":"1785","DOI":"10.1016\/j.compeleceng.2012.08.008","volume":"38","author":"P. Salini","year":"2012","unstructured":"Salini, P., Kanmani, S.: Survey and analysis on Security Requirements Engineering. Computers & Electrical Engineering\u00a038(6), 1785\u20131797 (2012)","journal-title":"Computers & Electrical Engineering"},{"key":"6_CR6","unstructured":"Mayer, N., Dubois, E., Matulevicius, R., Heymans, P.: Towards a Measurement Framework for Security Risk Management. In: Modeling Security Workshop (MODSEC 2008), in conjunction with the 11th International Conference on Model Driven Engineering Languages and Systems (MODELS 2008), Toulouse, France (September 2008)"},{"key":"6_CR7","doi-asserted-by":"crossref","unstructured":"Jurjens, J.: UMLsec: Extending UML for secure systems development. In: Fifth International Conference on the Unified Modeling Language, Model Engineering, Languages Concepts and Tools (2002)","DOI":"10.1007\/3-540-45800-X_32"},{"key":"6_CR8","doi-asserted-by":"crossref","unstructured":"Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: Fifth International Conference on the Unified Modeling Language, Model Engineering, Languages Concepts and Tools (2002)","DOI":"10.1007\/3-540-45800-X_33"},{"key":"6_CR9","doi-asserted-by":"crossref","unstructured":"N. Mead, E. Houg, T. Stehney: Security quality requirements engineering (SQUARE) Methodology. Technical report CMU\/SEI-2005-TR-009. Software Eng. Inst., Carnegie Mellon Univ. (2005)","DOI":"10.21236\/ADA443493"},{"key":"6_CR10","unstructured":"Sindre, G., Opdahl, A.L.: Capturing security requirements by misuse cases. Presented at 14th Norwegian Informatics Conference (NIK 2001), Troms\u00f8, Norway (2001)"},{"key":"6_CR11","doi-asserted-by":"crossref","unstructured":"van Lamsweerde, A.: Elaborating security requirements by construction of intentional anti-models. In: Proceedings of the 26th International Conference on Software Engineering, May 23-28, pp. 148\u2013157 (2004)","DOI":"10.1109\/ICSE.2004.1317437"},{"issue":"2","key":"6_CR12","doi-asserted-by":"publisher","first-page":"285","DOI":"10.1142\/S0218194007003240","volume":"17","author":"H. Mouratidis","year":"2007","unstructured":"Mouratidis, H., Giorgini, P.: Secure tropos: A security-oriented extension of the tropos methodology. Int. J. Softw. Eng. Knowl. Eng.\u00a017(2), 285\u2013309 (2007)","journal-title":"Int. J. Softw. Eng. Knowl. Eng."},{"key":"6_CR13","doi-asserted-by":"crossref","unstructured":"Elahi, G., Yu, E.: A goal oriented approach for modeling and analyzing security trade-offs. University of Toronto, Department of Computer Science. Technical report (2007)","DOI":"10.1007\/978-3-540-75563-0_26"},{"key":"6_CR14","doi-asserted-by":"crossref","unstructured":"Anton, A.I., Earp, J.B.: Strategies for developing policies and requirements for secure electronic commerce systems. Department of Computer Science, North Carolina State University. Technical report (2000)","DOI":"10.1007\/978-1-4615-1467-1_5"},{"issue":"1","key":"6_CR15","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1007\/s10550-007-0013-9","volume":"25","author":"F. Braber","year":"2007","unstructured":"Braber, F., Hogganvik, I., Lund, M.S., Stolen, K., Vraalsen, F.: Model-based security analysis in seven steps-a guided tour to the CORAS method. BT Technol. J.\u00a025(1), 101\u2013117 (2007)","journal-title":"BT Technol. J."},{"key":"6_CR16","doi-asserted-by":"crossref","unstructured":"Asnar, Y., Giorgini, P., Massacci, F., Zannon, N.: From trust to dependability through risk analysis. In: Proceedings of the International Conference on Availability, Reliability and Security (AReS), pp. 19\u201326. IEEE Computer Society (2007)","DOI":"10.1109\/ARES.2007.93"},{"key":"6_CR17","unstructured":"Mayer, N., Rifaut, A., Dubois, E.: Towards a risk-based security requirements engineering framework. In: Proceedings of the 11th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ 2005), in conjunction with the 17th Conference on Advanced Information Systems Engineering, CAiSE 2005 (2005)"},{"key":"6_CR18","doi-asserted-by":"crossref","unstructured":"Mellado, D., Fernandez-Medina, E., Piattini, M.: Applying a security requirements engineering process. In: Proceedings of the 11th European Conference on Research in Computer Security, Hamburg, Germany, September 18-20, pp. 192\u2013206 (2006)","DOI":"10.1007\/11863908_13"},{"key":"6_CR19","unstructured":"Herv\u00e9 Schauer Consultants. ISO\/IEC 27005:2011 Information technology \u2013 Security techniques \u2013 Information security risk management (2010)"},{"key":"6_CR20","volume-title":"MDA explained the model driven architecture: Practice and promise","author":"A. Kleppe","year":"2003","unstructured":"Kleppe, A., Warmer, J., Bast, W.: MDA explained the model driven architecture: Practice and promise. Addison-Wesley, Boston (2003)"},{"issue":"2","key":"6_CR21","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1007\/s00766-010-0111-y","volume":"16","author":"T. Yue","year":"2011","unstructured":"Yue, T., Briand, L.C., Labiche, Y.: A systematic review of transformation approaches between user requirements and analysis models. Requirements Engineering\u00a016(2), 75\u201399 (2011)","journal-title":"Requirements Engineering"},{"key":"6_CR22","doi-asserted-by":"crossref","unstructured":"Mu\u00f1ante, D., Gallon, L., Aniort\u00e9, P.: An approach based on Model-driven Engineering to define Security Policies using the access control model OrBAC. In: The Eight International Workshop on Frontiers in Availability, Reliability and Security (FARES 2013), in conjonction with the 8th ARES Conference (ARES 2013), September 2-6. University of Regensburg, Germany (2013)","DOI":"10.1109\/ARES.2013.44"},{"key":"6_CR23","doi-asserted-by":"crossref","unstructured":"Ledru, Y., Richier, J., Idani, A., Labiadh, M.: From KAOS to RBAC: A Case Study in Designing Access Control Rules from a Requirements Analysis. In: 6 me Conference sur la Scurit des Architectures Rseaux et des Systmes d\u2019Information (SARSSI 2011). La Rochelle, France (2011)","DOI":"10.1109\/SAR-SSI.2011.5931378"},{"key":"6_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1007\/11767138_5","volume-title":"Advanced Information Systems Engineering","author":"H. Mouratidis","year":"2006","unstructured":"Mouratidis, H., J\u00fcrjens, J., Fox, J.: Towards a comprehensive framework for secure systems development. In: Martinez, F.H., Pohl, K. (eds.) CAiSE 2006. LNCS, vol.\u00a04001, pp. 48\u201362. Springer, Heidelberg (2006)"},{"key":"6_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"155","DOI":"10.1007\/978-3-642-28879-1_11","volume-title":"Data Privacy Management and Autonomous Spontaneus Security","author":"M. Graa","year":"2012","unstructured":"Graa, M., Cuppens-Boulahia, N., Autrel, F., Azkia, H., Cuppens, F., Coatrieux, G., Cavalli, A., Mammar, A.: Using Requirements Engineering in an Automatic Security Policy Derivation Process. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds.) DPM 2011 and SETOP 2011. LNCS, vol.\u00a07122, pp. 155\u2013172. Springer, Heidelberg (2012)"},{"key":"6_CR26","unstructured":"Mead, N.R., Allen, J.H., Barnum, S.J., Ellison, R.J., McGraw, G.: Software Security Engineering: A Guide for Project Managers. Addison-Wesley Professional (2004)"},{"key":"6_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"541","DOI":"10.1007\/978-3-540-69534-9_40","volume-title":"Advanced Information Systems Engineering","author":"R. Matulevicius","year":"2008","unstructured":"Matulevicius, R., Mayer, N., Mouratidis, H., Dubois, E., Heymans, P., Genon, N.: Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development. In: Bellahs\u00e8ne, Z., L\u00e9onard, M. (eds.) CAiSE 2008. LNCS, vol.\u00a05074, pp. 541\u2013555. Springer, Heidelberg (2008)"},{"key":"6_CR28","unstructured":"Braber, F., Dimitrakos, T., Gran, B.A., Lund, M.S., Stolen, K., Aagedal, J.O.: The CORAS methodology: Model-based risk assessment using UML and UP. In: UML and the Unified Process, pp. 332\u2013357. IGI Publishing (2003)"},{"key":"6_CR29","unstructured":"Lin, L., Nuseibeh, B., Ince, D., Jackson, M.: Using Abuse Frames to Bound the Scope of Security Problems. In: Proceedings of the 12th IEEE International Conference on Requirements Engineering (RE 2004), pp. 354\u2013355. IEEE Computer Society (2004)"},{"key":"6_CR30","doi-asserted-by":"crossref","unstructured":"Hatebur, D., Heisel, M., Schmidt, H.: A security engineering process based on patterns. In: Proceedings of the International Workshop on Secure Systems Methodologies Using Patterns (SPatterns), pp. 734\u2013738. IEEE Computer Society (2007)","DOI":"10.1109\/DEXA.2007.36"},{"key":"6_CR31","doi-asserted-by":"crossref","unstructured":"Beckers, K., Hatebur, D., Heisel, M.: A problem-based threat analysis in compliance with Common Criteria. In: Proceedings of the International Conference on Availability, Reliability and Security (ARES 2013), pp. 111\u2013120 (2013)","DOI":"10.1109\/ARES.2013.21"},{"issue":"1","key":"6_CR32","doi-asserted-by":"publisher","first-page":"133","DOI":"10.1109\/TSE.2007.70754","volume":"34","author":"C.B. Haley","year":"2008","unstructured":"Haley, C.B., Laney, R., Moffett, J., Nuseibeh, B.: Security requirements engineering: A framework for representation and analysis. IEEE Trans. Softw. Eng.\u00a034(1), 133\u2013153 (2008)","journal-title":"IEEE Trans. Softw. Eng."}],"container-title":["Lecture Notes in Computer Science","Advanced Information Systems Engineering"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-10975-6_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,4]],"date-time":"2025-05-04T12:59:57Z","timestamp":1746363597000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-10975-6_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783642387081","9783642387098"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-10975-6_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014]]}}}