In this paper the authors outline a new process model for security engineering. The process model extends object-oriented, use case driven software development by the systematic treatment of security-related issues. Due to the increasing number of distributed applications, security plays a more and more important role within systems development. In particular, evolving new Web technologies supporting the dynamic interconnection between software components and novel mobile devices require a high level of security. Today's process models such as the Unified Process or Catalysis treat security aspects as nonfunctional requirements among others. Our claim is that security is a requirement that has to be considered at all stages of development and which needs particular modeling techniques to be captured.
展开▼