{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T07:17:28Z","timestamp":1769671048247,"version":"3.49.0"},"reference-count":97,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2009,11,26]],"date-time":"2009-11-26T00:00:00Z","timestamp":1259193600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Requirements Eng"],"published-print":{"date-parts":[[2010,3]]},"DOI":"10.1007\/s00766-009-0092-x","type":"journal-article","created":{"date-parts":[[2009,11,26]],"date-time":"2009-11-26T00:26:01Z","timestamp":1259195161000},"page":"7-40","source":"Crossref","is-referenced-by-count":168,"title":["A comparison of security requirements engineering methods"],"prefix":"10.1007","volume":"15","author":[{"given":"Benjamin","family":"Fabian","sequence":"first","affiliation":[]},{"given":"Seda","family":"G\u00fcrses","sequence":"additional","affiliation":[]},{"given":"Maritta","family":"Heisel","sequence":"additional","affiliation":[]},{"given":"Thomas","family":"Santen","sequence":"additional","affiliation":[]},{"given":"Holger","family":"Schmidt","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2009,11,26]]},"reference":[{"key":"92_CR1","unstructured":"Common Criteria for Information Technology Security Evaluation, Version 3.1. (2006) [Online]. Available: http:\/\/www.commoncriteriaportal.org\/public\/expert\/"},{"key":"92_CR2","volume-title":"Computer security","author":"M Bishop","year":"2003","unstructured":"Bishop M (2003) Computer security. 
Addison-Wesley, New York"},{"key":"92_CR3","volume-title":"Building secure software: how to avoid security problems the right way","author":"J Viega","year":"2001","unstructured":"Viega J, McGraw G (2001) Building secure software: how to avoid security problems the right way. Addison-Wesley, New York"},{"key":"92_CR4","volume-title":"IT-Sicherheit, 3rd edn","author":"C Eckert","year":"2004","unstructured":"Eckert C (2004) IT-Sicherheit, 3rd edn. Oldenbourg-Verlag, M\u00fcnchen"},{"key":"92_CR5","doi-asserted-by":"crossref","unstructured":"Firesmith DG (2003) Common concepts underlying safety, security, and survivability engineering. Carnegie Mellon University. Technical report SEI-2003-TN-033","DOI":"10.21236\/ADA421683"},{"key":"92_CR6","unstructured":"Rupp C, SOPHIST GROUP (2003) Requirements-engineering und -management, 3rd edn. Carl Hanser Verlag"},{"key":"92_CR7","unstructured":"Rannenberg K, Pfitzmann A, M\u00fcller G (1999) IT security and multilateral security. In: M\u00fcller G, Rannenberg K (eds) Multilateral security in communications\u2014technology, infrastructure. Economy Addison-Wesley, pp 21\u201329"},{"issue":"1","key":"92_CR8","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/237432.237434","volume":"6","author":"P Zave","year":"1997","unstructured":"Zave P, Jackson M (1997) Four dark corners of requirements engineering. ACM Trans Softw Eng Methodol 6(1):1\u201330","journal-title":"ACM Trans Softw Eng Methodol"},{"key":"92_CR9","doi-asserted-by":"crossref","unstructured":"Fricker S, Gorschek T, Glinz M (2008) Goal-oriented requirements communication in new product development. In: Proceedings of the international workshop on software product management. IEEE Computer Society, Los Alamitos, pp 27\u201334","DOI":"10.1109\/IWSPM.2008.2"},{"key":"92_CR10","unstructured":"Liu L, Yu E (2001) From requirements to architectural design using goals and scenarios. 
In: Proceedings of the international workshop from software requirements to architectures (STRAW). Toronto"},{"key":"92_CR11","unstructured":"Ant\u00f2n AI, Earp JB (2000) Strategies for developing policies and requirements for secure electronic commerce systems. Department of Computer Science, North Carolina State University. Technical report TR-2000-09. [Online]. Available: citeseer.ist.psu.edu\/anton00strategies.html"},{"key":"92_CR12","doi-asserted-by":"crossref","unstructured":"Mylopoulos J, Chung L, Nixon B (1992) Representing and using non-functional requirements: a process-oriented approach. IEEE Transactions on Software Engineering pp 483\u2013497","DOI":"10.1109\/32.142871"},{"key":"92_CR13","volume-title":"Software engineering, 8th edn","author":"I Sommerville","year":"2007","unstructured":"Sommerville I (2007) Software Engineering, 8th edn. Addison Wesley, New York"},{"key":"92_CR14","doi-asserted-by":"crossref","unstructured":"Glinz M (2007) On non-functional requirements. In: Proceedings of 15th IEEE international requirements engineering conference (RE \u201907), pp 21\u201326","DOI":"10.1109\/RE.2007.45"},{"key":"92_CR15","doi-asserted-by":"crossref","unstructured":"Jureta I, Mylopoulos J, Faulkner S (2008) Revisiting the core ontology and problem in requirements engineering. 
In: Proceedings of 16th IEEE international requirements engineering conference (RE \u201908), pp 71\u201380","DOI":"10.1109\/RE.2008.13"},{"key":"92_CR16","unstructured":"Information technology\u2014security techniques\u2014code of practice for information security management (ISO\/IEC FDIS 17799:2005) (2005) International Organization for Standardization"},{"key":"92_CR17","unstructured":"Information technology\u2014security techniques\u2014management of information and communications technology security\u2014part 1: Concepts and models for information and communications technology security management (ISO\/IEC 13335-1:2004)(2004) International Organization for Standardization"},{"key":"92_CR18","unstructured":"NIST SP 800-26: Security Self-Assessment Guide for Information Technology Systems (2001) National institute of standards and technology"},{"issue":"2","key":"92_CR19","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1109\/MS.1998.663780","volume":"15","author":"DM Berry","year":"1998","unstructured":"Berry DM, Lawrence B (1998) Guest editors\u2019 introduction: requirements engineering. IEEE Softw 15(2):26\u201329","journal-title":"IEEE Softw"},{"issue":"2","key":"92_CR20","doi-asserted-by":"crossref","first-page":"132","DOI":"10.1145\/857076.857079","volume":"35","author":"WN Robinson","year":"2003","unstructured":"Robinson WN, Pawlowski SD, Volkov V (2003) Requirements interaction management. ACM Comput Surv 35(2):132\u2013190","journal-title":"ACM Comput Surv"},{"key":"92_CR21","doi-asserted-by":"crossref","first-page":"569","DOI":"10.1109\/32.310667","volume":"20","author":"A Finkelstein","year":"1994","unstructured":"Finkelstein A, Baggay D, Hunter A, Kramer J, Nuseibeh B (1994) Inconsistency handling in multi-perspective specifications. 
IEEE Trans Softw Eng (20):569\u2013578","journal-title":"IEEE Trans Softw Eng"},{"key":"92_CR22","doi-asserted-by":"crossref","unstructured":"Easterbrook S, Nuseibeh B (1996) Using viewpoints for inconsistency management. Softw Eng J 31\u201343","DOI":"10.1049\/sej.1996.0004"},{"issue":"1","key":"92_CR23","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1049\/sej.1996.0002","volume":"11","author":"G Kotonya","year":"1996","unstructured":"Kotonya G, Sommerville I (1996) Requirements engineering with viewpoints. BCS\/IEE Softw Eng J 11(1):5\u201318","journal-title":"BCS\/IEE Softw Eng J"},{"key":"92_CR24","doi-asserted-by":"crossref","unstructured":"Giorgini P, Massacci F, Mylopoulos J, Zannone N (2006) Detecting conflicts of interest. In: Proceedings 14th IEEE international requirements engineering conference (RE \u201906). IEEE Computer Society, pp 308\u2013311","DOI":"10.1109\/RE.2006.16"},{"key":"92_CR25","doi-asserted-by":"crossref","unstructured":"van Lamsweerde A, Darimont R, Massonet P (1998) Managing conflicts in goal-driven requirements engineering. IEEE Trans Softw Eng 24","DOI":"10.1109\/32.730542"},{"key":"92_CR26","doi-asserted-by":"crossref","unstructured":"Jackson M, Zave P (1995) Deriving specifications from requirements: an example. In: Proceedings 17th international conference on software engineering. ACM Press, Seattle, pp 15\u201324","DOI":"10.1145\/225014.225016"},{"issue":"2","key":"92_CR27","doi-asserted-by":"crossref","first-page":"138","DOI":"10.1007\/s00766-005-0023-4","volume":"11","author":"B Haley","year":"2006","unstructured":"Haley B, Laney C, Moffett D, Nuseibeh B (2006) Using trust assumptions with security requirements. 
Requir Eng 11(2):138\u2013151","journal-title":"Requir Eng"},{"issue":"1","key":"92_CR28","doi-asserted-by":"crossref","first-page":"133","DOI":"10.1109\/TSE.2007.70754","volume":"34","author":"CB Haley","year":"2008","unstructured":"Haley CB, Laney R, Moffett J, Nuseibeh B (2008) Security requirements engineering: a framework for representation and analysis. IEEE Trans Softw Eng 34(1):133\u2013153","journal-title":"IEEE Trans Softw Eng"},{"key":"92_CR29","doi-asserted-by":"crossref","unstructured":"Santen T (2006) Stepwise development of secure systems. In G\u00f3rski J (ed) International conference on computer safety, reliability and security (SAFECOMP), ser. LNCS 4166. Springer, pp 142\u2013155","DOI":"10.1007\/11875567_11"},{"key":"92_CR30","unstructured":"Moffett JD, Haley CB, Nuseibeh B (2004) Core security requirements artifacts. The Open University, UK (technical report)"},{"key":"92_CR31","doi-asserted-by":"crossref","unstructured":"Breaux TD, Ant\u00f2n A (2005) Analyzing goal semantics for rights, permissions, and obligations. In: Requirements engineering, pp 177\u2013188","DOI":"10.1109\/RE.2005.12"},{"key":"92_CR32","unstructured":"Mayer N (2009) Model-based management of information system security risk. Ph.D. dissertation, University of Namur [Online]. Available: http:\/\/www.nmayer.eu\/publis\/Thesis_Mayer_2.0.pdf"},{"key":"92_CR33","unstructured":"Mayer N, Heymans P, Matulevi\u010dius R (2007) Design of a modelling language for information system security risk management. In: 1st International conference on research challenges in information science (RCIS 2007)"},{"key":"92_CR34","doi-asserted-by":"crossref","unstructured":"Mellado D, Fernandez-Medina E, Piattini M (2006) A comparison of the Common Criteria with proposals of information systems security requirements. In: ARES \u201906: proceedings of the first international conference on availability, reliability and security (ARES\u201906). 
IEEE Computer Society, Washington, DC, pp 654\u2013661","DOI":"10.1109\/ARES.2006.2"},{"key":"92_CR35","doi-asserted-by":"crossref","unstructured":"Kalloniatis C, Kavakli E, Gritzalis S (2004) Security requirements engineering for e-government applications: analysis of current frameworks. Springer, Berlin","DOI":"10.1007\/978-3-540-30078-6_11"},{"issue":"1","key":"92_CR36","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1109\/MS.2008.19","volume":"25","author":"I T\u00f8ndel","year":"2008","unstructured":"T\u00f8ndel I, Jaatun M, Meland P (2008) Security requirements for the rest of us: a survey. Softw IEEE 25(1):20\u201327","journal-title":"Softw IEEE"},{"key":"92_CR37","unstructured":"van Lamsweerde A (2007) Engineering requirements for system reliability and security. In: Broy JGM, Hoare C (eds) Software system reliability and security, ser. NATO security through science series-D: information and communication security, vol 9. IOS Press, pp 196\u2013238"},{"key":"92_CR38","unstructured":"G\u00fcrses S, Santen T (2006) Contextualizing security goals\u2014a method for multilateral security requirements elicitation. In: Dittmann J (ed) Proceedings of Sicherheit 2006\u2014Schutz und Zuverl\u00e4ssigkeit, ser. Lecture notes in Informatics. Gesellschaft f\u00fcr Informatik, pp 42\u201353"},{"key":"92_CR39","unstructured":"G\u00fcrses S, Berendt B, Santen T (2006) Multilateral security requirements analysis for preserving privacy in ubiquitous environments. In: Berendt B, Menasalvas E (eds) Proceedings of workshop on ubiquitous knowledge discovery for users (UKDU\u201906) [Online]. Available: http:\/\/www.vasarely.wiwi.hu-berlin.de\/UKDU06\/Proceedings\/UKDU06-proceedings.pdf"},{"key":"92_CR40","unstructured":"G\u00fcrses S, Jahnke JH, Obry C, Onabajo A, Santen T, Price M (2005) Eliciting confidentiality requirements in practice. In: CASCON \u201905: Proceedings of the 2005 conference of the centre for advanced studies on collaborative research. 
IBM Press, pp 101\u2013116"},{"key":"92_CR41","doi-asserted-by":"crossref","unstructured":"Onabajo A, Weber-Jahnke J (2008) Stratified modeling and analysis of confidentiality requirements. In: 41st Annual Hawaii international conference on system sciences","DOI":"10.1109\/HICSS.2008.414"},{"key":"92_CR42","doi-asserted-by":"crossref","unstructured":"Mead N, Hough E, Stehney T (2005) Security quality requirements engineering (SQUARE) methodology. Carnegie Mellon Software Engineering Institute, Technical report CMU\/SEI-2005-TR-009","DOI":"10.21236\/ADA443493"},{"key":"92_CR43","doi-asserted-by":"crossref","unstructured":"Mead N, Viswanathan V, Padmanabhan D, Raveendran A (2008) Incorporating security quality requirements engineering (SQUARE) into standard life-cycle models. Carnegie Mellon Software Engineering Institute. Technical report CMU\/SEI-2008-TN-006","DOI":"10.21236\/ADA482345"},{"key":"92_CR44","unstructured":"UML Revision Task Force (2006) OMG unified modeling language: superstructure. http:\/\/www.omg.org\/docs\/ptc\/06-04-02.pdf"},{"key":"92_CR45","unstructured":"Sindre G, Opdahl AL (2001) Capturing security requirements by misuse cases. In: Proceedings of the 14th Norwegian informatics conference (NIK\u20192001)"},{"key":"92_CR46","doi-asserted-by":"crossref","unstructured":"Sindre G (2007) Mal-activity diagrams for capturing attacks on business processes. In: Sawyer P, Paech B, Heymanns P (eds) Proceedings of REFSQ 2007, ser. LNCS 4542. Springer, pp 355\u2013366","DOI":"10.1007\/978-3-540-73031-6_27"},{"key":"92_CR47","doi-asserted-by":"crossref","unstructured":"Lodderstedt T, Basin DA, Doser J (2002) SecureUML: a UML-based modeling language for model-driven security. In: Proceedings of the 5th international conference on the unified modeling language (UML\u201902). Springer, London, pp 426\u2013441","DOI":"10.1007\/3-540-45800-X_33"},{"key":"92_CR48","unstructured":"UML Revision Task Force (2006) OMG object constraint language: reference. 
http:\/\/www.omg.org\/docs\/formal\/06-05-01.pdf"},{"key":"92_CR49","volume-title":"Secure systems development with UML","author":"J J\u00fcrjens","year":"2003","unstructured":"J\u00fcrjens J (2003) Secure systems development with UML. Springer, New York"},{"key":"92_CR50","doi-asserted-by":"crossref","unstructured":"Bertrand P, Darimont R, Delor E, Massonet P, van Lamsweerde A (1998) GRAIL\/KAOS: an environment for goal-driven requirements engineering. In: ICSE\u201998\u201420th international conference on software engineering","DOI":"10.1145\/253228.253499"},{"issue":"1-2","key":"92_CR51","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1016\/0167-6423(93)90021-G","volume":"20","author":"A Dardenne","year":"1993","unstructured":"Dardenne A, van Lamsweerde A, Fickas S (1993) Goal-directed requirements acquisition. Sci Comput Program 20(1\u20132):3\u201350","journal-title":"Sci Comput Program"},{"key":"92_CR52","doi-asserted-by":"crossref","unstructured":"van Lamsweerde A (2004) Elaborating security requirements by construction of intentional anti-models. ICSE pp. 148\u2013157","DOI":"10.1109\/ICSE.2004.1317437"},{"issue":"3","key":"92_CR53","doi-asserted-by":"crossref","first-page":"203","DOI":"10.1023\/B:AGNT.0000018806.20944.ef","volume":"8","author":"P Bresciani","year":"2004","unstructured":"Bresciani P, Perini A, Giorgini P, Giunchiglia F, Mylopoulos J (2004) Tropos: an agent-oriented software development methodology. Auton Agent Multi Agent Syst 8(3):203\u2013236","journal-title":"Auton Agent Multi Agent Syst"},{"key":"92_CR54","unstructured":"Giorgini P, Susi A, Perini A, Mylopoulos J (2005) The tropos metamodel and its use. Inf J 29:401\u2013408"},{"key":"92_CR55","doi-asserted-by":"crossref","unstructured":"Fuxman A, Liu L, Mylopoulos J, Pistore M, Roveri M, Traverso P (2004) Specifying and analyzing early requirements in tropos. 
Requir Eng J 9(2):132\u2013150","DOI":"10.1007\/s00766-004-0191-7"},{"key":"92_CR56","unstructured":"Yu ES-K (1996) Modelling strategic relationships for process reengineering. Ph.D. dissertation, University of Toronto, Toronto"},{"key":"92_CR57","unstructured":"Yu ESK (1997) Towards modeling and reasoning support for early-phase requirements engineering. In: RE \u201997: proceedings of the 3rd IEEE international symposium on requirements engineering. IEEE Computer Society, Washington, DC, p 226"},{"key":"92_CR58","doi-asserted-by":"crossref","unstructured":"Yu ESK, Liu L (2001) Modelling trust for system design using the i * strategic actors framework. In: Proceedings of the workshop on deception, fraud, and trust in agent societies held during the autonomous agents conference. Springer, London, pp 175\u2013194","DOI":"10.1007\/3-540-45547-7_11"},{"key":"92_CR59","doi-asserted-by":"crossref","unstructured":"Giorgini P, Mouratidis H, Zannone N (2007) Modelling security and trust with secure tropos. In: Integrating security and software engineering: advances and future vision. IDEA","DOI":"10.4018\/978-1-59904-147-6"},{"issue":"2","key":"92_CR60","doi-asserted-by":"crossref","first-page":"285","DOI":"10.1142\/S0218194007003240","volume":"17","author":"H Mouratidis","year":"2007","unstructured":"Mouratidis H, Giorgini P (2007) Secure tropos: a security-oriented extension of the tropos methodology. Int J Softw Eng Knowl Eng 17(2):285\u2013309","journal-title":"Int J Softw Eng Knowl Eng"},{"key":"92_CR61","unstructured":"Mouratidis H, Giorgini P (2004) Enhancing secure tropos to effectively deal with security requirements in the development of multiagent systems. In: Proceedings of the 1st international workshop on safety and security in multiagent systems, SASEMAS"},{"key":"92_CR62","unstructured":"Mouratidis H, Giorgini P (2005) Secure tropos: dealing effectively with security requirements in the development of multiagent systems. 
In: Proceedings of the 2nd international workshop on safety and security in multi-agent systems, SASEMAS, ser. Computers & Security, vol 24, no.8. Elsevier, pp 614\u2013617"},{"key":"92_CR63","unstructured":"Massacci F, Mylopoulos J, Zannone N (2007) Ontologies for business interaction. Information science reference, ch. An ontology for secure socio-technical systems pp 188\u2013207"},{"key":"92_CR64","doi-asserted-by":"crossref","unstructured":"Elahi G, Yu E (2007) A goal oriented approach for modeling and analyzing security trade-offs. University of Toronto, Department of Computer Science. Technical report","DOI":"10.1007\/978-3-540-75563-0_26"},{"key":"92_CR65","doi-asserted-by":"crossref","unstructured":"Matulevi\u010dius R, Mayer N, Mouratidis H, Dubois E, Heymans P, Genon N (2008) Adapting secure tropos for security risk management in the early phases of information systems development. In: CAiSE \u201908: proceedings of the 20th international conference on advanced information systems engineering. Springer, Berlin, pp 541\u2013555","DOI":"10.1007\/978-3-540-69534-9_40"},{"key":"92_CR66","unstructured":"Mayer N, Rifaut A, Dubois E (2005) Towards a risk-based security requirements engineering framework. In: Proceedings of the 11th international workshop on requirements engineering: foundation for software quality (REFSQ\u201905), in conjunction with the 17th conference on advanced information systems engineering (CAiSE\u201905)"},{"issue":"3","key":"92_CR67","doi-asserted-by":"crossref","first-page":"207","DOI":"10.1142\/S0218194001000517","volume":"11","author":"B Bauer","year":"2001","unstructured":"Bauer B, M\u00fcller JP, Odell J (2001) Agent UML: a formalism for specifying multiagent software systems. Int J Softw Eng Knowl Eng 11(3):207\u2013230","journal-title":"Int J Softw Eng Knowl Eng"},{"key":"92_CR68","unstructured":"Giorgini P, Manson G, Mouratidis H (2004) Using security attack scenarios to analyse security during information systems design. 
In: The 6th international conference on enterprise information systems. Porto"},{"key":"92_CR69","doi-asserted-by":"crossref","unstructured":"Liu L, Yu E, Mylopoulos J (2003) Security and privacy requirements analysis within a social setting. In: Proceedings of 11th IEEE requirements engineering conference. IEEE Press, pp 151\u2013161","DOI":"10.1109\/ICRE.2003.1232746"},{"key":"92_CR70","volume-title":"Foundations of databases","author":"S Abiteboul","year":"1995","unstructured":"Abiteboul S, Hull R, Vianu V (1995) Foundations of databases. Addison-Wesley, New York"},{"key":"92_CR71","doi-asserted-by":"crossref","unstructured":"Giorgini P, Massacci F, Mylopoulos J, Zannone N (2005) St-tool: a case tool for security requirements engineering. In: RE-05. IEEEP, pp 451\u2013452","DOI":"10.1109\/RE.2005.67"},{"key":"92_CR72","unstructured":"Massacci F, Zannone N (2006) Detecting conflicts between functional and security requirements with secure tropos: John rusnak and the allied irish bank"},{"issue":"3","key":"92_CR73","doi-asserted-by":"crossref","first-page":"499","DOI":"10.1145\/1149114.1149117","volume":"7","author":"N Leone","year":"2006","unstructured":"Leone N, Pfeifer G, Faber W, Eiter T, Gottlob G, Perri S, Scarcello F (2006) The DLV system for knowledge representation and reasoning. ACM Trans Comput Logic 7(3):499\u2013562","journal-title":"ACM Trans Comput Logic"},{"key":"92_CR74","unstructured":"He Q, Ant\u00f2n AI (2003) A framework for modeling privacy requirements in role engineering. In: International workshop on requirements engineering for software quality (REFSQ 2003)"},{"key":"92_CR75","unstructured":"CERIAS Technical Report (1999) Policy framework for interpreting risk in ecommerce security"},{"key":"92_CR76","unstructured":"Hauser J, Clausing D (1988) The house of quality. Harv Bus Rev 32(5)"},{"key":"92_CR77","volume-title":"Problem frames","author":"M Jackson","year":"2001","unstructured":"Jackson M (2001) Problem frames. 
Analyzing and structuring software development problems. Addison-Wesley, New York"},{"key":"92_CR78","unstructured":"Lin L, Nuseibeh B, Ince D, Jackson M (2004) Using abuse frames to bound the scope of security problems. In: Proceedings of 11th IEEE international requirements engineering conference (RE\u201904). pp 354\u2013355"},{"key":"92_CR79","doi-asserted-by":"crossref","unstructured":"Hatebur D, Heisel M, Schmidt H (2006) Security engineering using problem frames. In: M\u00fcller G (ed) Proceedings of the international conference on emerging trends in information and communication security (ETRICS\u201906), ser. LNCS 3995. Springer, pp 238\u2013253","DOI":"10.1007\/11766155_17"},{"key":"92_CR80","doi-asserted-by":"crossref","unstructured":"Hatebur D, Heisel M, Schmidt H, (2007) A pattern system for security requirements engineering. In: Proceedings of the international conference on availability, reliability and security (AReS). IEEE Computer Society, pp 356\u2013365","DOI":"10.1109\/ARES.2007.12"},{"key":"92_CR81","doi-asserted-by":"crossref","unstructured":"Hatebur D, Heisel M, Schmidt H (2007) A security engineering process based on patterns. In: Proceedings of the international workshop on secure systems methodologies using patterns (SPatterns). IEEE Computer Society, pp 734\u2013738","DOI":"10.1109\/DEXA.2007.36"},{"key":"92_CR82","doi-asserted-by":"crossref","unstructured":"Hatebur D, Heisel M, Schmidt H (2008) Analysis and component-based realization of security requirements. In: Proceedings of the international conference on availability, reliability and security (AReS). IEEE Computer Society, pp 195\u2013203","DOI":"10.1109\/ARES.2008.27"},{"key":"92_CR83","doi-asserted-by":"crossref","unstructured":"Schmidt H (2009) Pattern-based confidentiality-preserving refinement. In: Engineering secure software and systems\u2014first international symposium (ESSoS), ser. LNCS, vol 5429. 
Springer, Berlin, pp 43\u201359","DOI":"10.1007\/978-3-642-00199-4_5"},{"key":"92_CR84","doi-asserted-by":"crossref","unstructured":"Schmidt H, Wentzlaff I (2006) Preserving software quality characteristics from requirements analysis to architectural design. In: Proceedings of the European workshop on software architectures (EWSA), vol 4344\/2006. Springer, Berlin, pp 189\u2013203","DOI":"10.1007\/11966104_14"},{"key":"92_CR85","doi-asserted-by":"crossref","unstructured":"Haley CB, Moffett JD, Laney R, Nuseibeh B (2006) A framework for security requirements engineering. In: SESS \u201906: proceedings of the 2006 international workshop on Software engineering for secure systems. ACM Press, New York, pp 35\u201342","DOI":"10.1145\/1137627.1137634"},{"key":"92_CR86","doi-asserted-by":"crossref","unstructured":"Haley C, Laney R, Moffett J, Nuseibeh B (2004) Picking battles: the impact of trust assumptions on the elaboration of security requirements. In: Jensen CD, Poslad S, Dimitrakos T (eds) iTrust\u201904, pp 347\u2013354","DOI":"10.1007\/978-3-540-24747-0_27"},{"key":"92_CR87","unstructured":"Haley CB, Moffett JD, Laney R, Nuseibeh B (2005) Arguing security: validating security requirements using structured argumentation. In: Proceedings of the 3rd symposium on requirements engineering for information security (SREIS\u201905). Paris"},{"issue":"1","key":"92_CR88","doi-asserted-by":"crossref","first-page":"101","DOI":"10.1007\/s10550-007-0013-9","volume":"25","author":"F Braber","year":"2007","unstructured":"Braber F, Hogganvik I, Lund MS, St\u00f8len K, and Vraalsen F (2007) Model-based security analysis in seven steps\u2014a guided tour to the CORAS method. BT Technol J 25(1):101\u2013117","journal-title":"BT Technol J"},{"key":"92_CR89","unstructured":"Dahl HEI, Hogganvik I, St\u00f8len K (2007) Structured semantics for the CORAS security risk modelling language. 
SINTEF information and communication technology Technical report STF07 A970"},{"key":"92_CR90","doi-asserted-by":"crossref","unstructured":"Asnar Y, Giorgini P, Massacci F, Zannone N (2007) From trust to dependability through risk analysis. In: Proceedings of the international conference on availability, reliability and security (AReS). IEEE Computer Society, pp 19\u201326","DOI":"10.1109\/ARES.2007.93"},{"key":"92_CR91","unstructured":"Asnar Y, Giorgini P, Mylopoulos J (2006) Risk modelling and reasoning in goal models. University of Trento. Technical report DIT-06-008"},{"issue":"2","key":"92_CR92","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1109\/MSP.2006.35","volume":"4","author":"F Keblawi","year":"2006","unstructured":"Keblawi F, Sullivan D (2006) Applying the common criteria in systems engineering. IEEE Secur Priv 4(2):50\u201355","journal-title":"IEEE Secur Priv"},{"key":"92_CR93","doi-asserted-by":"crossref","unstructured":"Mellado D, Fernandez-Medina E, Piattini M (2006) Applying a security requirements engineering process. In: ESORICS\u201906","DOI":"10.1007\/11863908_13"},{"key":"92_CR94","doi-asserted-by":"crossref","unstructured":"Mellado D, Fernandez-Medina E, Piattini M (2006) A comparison of the common criteria with proposals of information systems security requirements. In: First international conference on availability, reliability, and security (ARES\u201906). pp 654\u2013661","DOI":"10.1109\/ARES.2006.2"},{"key":"92_CR95","volume-title":"The Unified Software Development Process","author":"G Booch","year":"1999","unstructured":"Booch G, Rumbaugh J, Jacobson I (1999) The Unified Software Development Process. Addison-Wesley, New York"},{"key":"92_CR96","unstructured":"Sindre G, Firesmith DG, Opdahl AL (2003) A reuse-based approach to determining security requirements. In: Ninth international workshop on requirements engineering (REFSQ\u201903). 
http:\/\/www.citeseer.ist.psu.edu\/580371.html"},{"key":"92_CR97","unstructured":"MAP (2005) Metodolog\u00eca de an\u00e0lisis y gesti\u00f2n de riesgos de los sistemas de informaci\u00f2n (magerit-v 2)"}],"container-title":["Requirements Engineering"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00766-009-0092-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00766-009-0092-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00766-009-0092-x","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,29]],"date-time":"2019-05-29T05:59:27Z","timestamp":1559109567000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00766-009-0092-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009,11,26]]},"references-count":97,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2010,3]]}},"alternative-id":["92"],"URL":"https:\/\/doi.org\/10.1007\/s00766-009-0092-x","relation":{},"ISSN":["0947-3602","1432-010X"],"issn-type":[{"value":"0947-3602","type":"print"},{"value":"1432-010X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2009,11,26]]}}}