{"id":"https://openalex.org/W2167321783","doi":"https://doi.org/10.1145/976270.976285","title":"Deriving security requirements from crosscutting threat descriptions","display_name":"Deriving security requirements from crosscutting threat descriptions","publication_year":2004,"publication_date":"2004-03-22","ids":{"openalex":"https://openalex.org/W2167321783","doi":"https://doi.org/10.1145/976270.976285","mag":"2167321783"},"language":"en","primary_location":{"id":"doi:10.1145/976270.976285","is_oa":false,"landing_page_url":"https://doi.org/10.1145/976270.976285","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 3rd international conference on Aspect-oriented software development","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5083738120","display_name":"Charles B. Haley","orcid":null},"institutions":[{"id":"https://openalex.org/I204136569","display_name":"The Open University","ror":"https://ror.org/05mzfcs16","country_code":"GB","type":"education","lineage":["https://openalex.org/I204136569"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Charles B. Haley","raw_affiliation_strings":["The Open University, Milton Keynes, UK"],"affiliations":[{"raw_affiliation_string":"The Open University, Milton Keynes, UK","institution_ids":["https://openalex.org/I204136569"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047794260","display_name":"Robin Laney","orcid":"https://orcid.org/0000-0002-9319-8209"},"institutions":[{"id":"https://openalex.org/I204136569","display_name":"The Open University","ror":"https://ror.org/05mzfcs16","country_code":"GB","type":"education","lineage":["https://openalex.org/I204136569"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Robin C. Laney","raw_affiliation_strings":["The Open University, Milton Keynes, UK"],"affiliations":[{"raw_affiliation_string":"The Open University, Milton Keynes, UK","institution_ids":["https://openalex.org/I204136569"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5060861082","display_name":"Bashar Nuseibeh","orcid":"https://orcid.org/0000-0002-3476-053X"},"institutions":[{"id":"https://openalex.org/I204136569","display_name":"The Open University","ror":"https://ror.org/05mzfcs16","country_code":"GB","type":"education","lineage":["https://openalex.org/I204136569"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Bashar Nuseibeh","raw_affiliation_strings":["The Open University, Milton Keynes, UK"],"affiliations":[{"raw_affiliation_string":"The Open University, Milton Keynes, UK","institution_ids":["https://openalex.org/I204136569"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5083738120"],"corresponding_institution_ids":["https://openalex.org/I204136569"],"apc_list":null,"apc_paid":null,"fwci":11.0911,"has_fulltext":false,"cited_by_count":92,"citation_normalized_percentile":{"value":0.9834258,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"112","last_page":"121"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10639","display_name":"Advanced Software Engineering Methodologies","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10639","display_name":"Advanced Software Engineering Methodologies","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9968000054359436,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T13295","display_name":"Safety Systems Engineering in Autonomy","score":0.9968000054359436,"subfield":{"id":"https://openalex.org/subfields/2213","display_name":"Safety, Risk, Reliability and Quality"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/functional-requirement","display_name":"Functional requirement","score":0.6244869828224182},{"id":"https://openalex.org/keywords/non-functional-requirement","display_name":"Non-functional requirement","score":0.619322657585144},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6107487082481384},{"id":"https://openalex.org/keywords/requirements-analysis","display_name":"Requirements analysis","score":0.5764583945274353},{"id":"https://openalex.org/keywords/requirements-management","display_name":"Requirements management","score":0.5616703629493713},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.5091924071311951},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.5088408589363098},{"id":"https://openalex.org/keywords/system-requirements-specification","display_name":"System requirements specification","score":0.4992711544036865},{"id":"https://openalex.org/keywords/non-functional-testing","display_name":"Non-functional testing","score":0.4594050943851471},{"id":"https://openalex.org/keywords/scope","display_name":"Scope (computer science)","score":0.44334152340888977},{"id":"https://openalex.org/keywords/stakeholder","display_name":"Stakeholder","score":0.44032660126686096},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4289504289627075},{"id":"https://openalex.org/keywords/requirements-elicitation","display_name":"Requirements elicitation","score":0.42479878664016724},{"id":"https://openalex.org/keywords/requirement","display_name":"Requirement","score":0.4196704924106598},{"id":"https://openalex.org/keywords/business-requirements","display_name":"Business requirements","score":0.4195452928543091},{"id":"https://openalex.org/keywords/functional-specification","display_name":"Functional specification","score":0.4145898222923279},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.41154801845550537},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.41096821427345276},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.20010393857955933},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.17580586671829224},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.1523975133895874},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.12460285425186157},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.12265026569366455},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.11829245090484619},{"id":"https://openalex.org/keywords/business-process","display_name":"Business process","score":0.09977048635482788},{"id":"https://openalex.org/keywords/operations-management","display_name":"Operations management","score":0.08280172944068909},{"id":"https://openalex.org/keywords/work-in-process","display_name":"Work in process","score":0.07695111632347107}],"concepts":[{"id":"https://openalex.org/C62235348","wikidata":"https://www.wikidata.org/wiki/Q3264234","display_name":"Functional requirement","level":2,"score":0.6244869828224182},{"id":"https://openalex.org/C199747065","wikidata":"https://www.wikidata.org/wiki/Q3254666","display_name":"Non-functional requirement","level":5,"score":0.619322657585144},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6107487082481384},{"id":"https://openalex.org/C59488412","wikidata":"https://www.wikidata.org/wiki/Q187147","display_name":"Requirements analysis","level":3,"score":0.5764583945274353},{"id":"https://openalex.org/C173577280","wikidata":"https://www.wikidata.org/wiki/Q530038","display_name":"Requirements management","level":4,"score":0.5616703629493713},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.5091924071311951},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.5088408589363098},{"id":"https://openalex.org/C84651959","wikidata":"https://www.wikidata.org/wiki/Q17052506","display_name":"System requirements specification","level":2,"score":0.4992711544036865},{"id":"https://openalex.org/C26336911","wikidata":"https://www.wikidata.org/wiki/Q7048920","display_name":"Non-functional testing","level":5,"score":0.4594050943851471},{"id":"https://openalex.org/C2778012447","wikidata":"https://www.wikidata.org/wiki/Q1034415","display_name":"Scope (computer science)","level":2,"score":0.44334152340888977},{"id":"https://openalex.org/C201305675","wikidata":"https://www.wikidata.org/wiki/Q852998","display_name":"Stakeholder","level":2,"score":0.44032660126686096},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4289504289627075},{"id":"https://openalex.org/C45384764","wikidata":"https://www.wikidata.org/wiki/Q838667","display_name":"Requirements elicitation","level":4,"score":0.42479878664016724},{"id":"https://openalex.org/C135475081","wikidata":"https://www.wikidata.org/wiki/Q774228","display_name":"Requirement","level":4,"score":0.4196704924106598},{"id":"https://openalex.org/C123247970","wikidata":"https://www.wikidata.org/wiki/Q5001932","display_name":"Business requirements","level":4,"score":0.4195452928543091},{"id":"https://openalex.org/C57371142","wikidata":"https://www.wikidata.org/wiki/Q16914225","display_name":"Functional specification","level":5,"score":0.4145898222923279},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.41154801845550537},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.41096821427345276},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.20010393857955933},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.17580586671829224},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.1523975133895874},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.12460285425186157},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.12265026569366455},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.11829245090484619},{"id":"https://openalex.org/C85345410","wikidata":"https://www.wikidata.org/wiki/Q851587","display_name":"Business process","level":3,"score":0.09977048635482788},{"id":"https://openalex.org/C21547014","wikidata":"https://www.wikidata.org/wiki/Q1423657","display_name":"Operations management","level":1,"score":0.08280172944068909},{"id":"https://openalex.org/C174998907","wikidata":"https://www.wikidata.org/wiki/Q357662","display_name":"Work in process","level":2,"score":0.07695111632347107},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C39549134","wikidata":"https://www.wikidata.org/wiki/Q133080","display_name":"Public relations","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C186846655","wikidata":"https://www.wikidata.org/wiki/Q3398377","display_name":"Software construction","level":4,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1145/976270.976285","is_oa":false,"landing_page_url":"https://doi.org/10.1145/976270.976285","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 3rd international conference on Aspect-oriented software development","raw_type":"proceedings-article"},{"id":"pmh:oai:oro.open.ac.uk:2491","is_oa":false,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4306401187","display_name":"Open Research Online (The Open University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I204136569","host_organization_name":"The Open University","host_organization_lineage":["https://openalex.org/I204136569"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":"","raw_type":"Conference or Workshop Item"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.210.849","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.210.849","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://charles.the-haleys.org/papers/AOSD04.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.62.3590","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.62.3590","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://mcs.open.ac.uk/ban25/papers/aosd04.haley.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.41999998688697815}],"awards":[],"funders":[{"id":"https://openalex.org/F4320319993","display_name":"Leverhulme Trust","ror":"https://ror.org/012mzw131"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":38,"referenced_works":["https://openalex.org/W53823097","https://openalex.org/W170287575","https://openalex.org/W171601550","https://openalex.org/W1484460783","https://openalex.org/W1507153772","https://openalex.org/W1531064568","https://openalex.org/W1548820180","https://openalex.org/W1571676245","https://openalex.org/W1574949544","https://openalex.org/W1589188624","https://openalex.org/W1610570299","https://openalex.org/W1662441884","https://openalex.org/W1721033460","https://openalex.org/W1838112905","https://openalex.org/W1990991680","https://openalex.org/W1992036716","https://openalex.org/W2056134008","https://openalex.org/W2065614429","https://openalex.org/W2100134231","https://openalex.org/W2110157102","https://openalex.org/W2112021951","https://openalex.org/W2113435553","https://openalex.org/W2117818414","https://openalex.org/W2127393411","https://openalex.org/W2129063689","https://openalex.org/W2134154118","https://openalex.org/W2139453480","https://openalex.org/W2151451947","https://openalex.org/W2153177282","https://openalex.org/W2157437711","https://openalex.org/W2163022780","https://openalex.org/W2167881054","https://openalex.org/W3172217583","https://openalex.org/W4233110253","https://openalex.org/W4285719527","https://openalex.org/W6635134227","https://openalex.org/W6637448928","https://openalex.org/W6682639063"],"related_works":["https://openalex.org/W4385784960","https://openalex.org/W2128973668","https://openalex.org/W2080089689","https://openalex.org/W1002355121","https://openalex.org/W4319599578","https://openalex.org/W4230481354","https://openalex.org/W1547272105","https://openalex.org/W2887850622","https://openalex.org/W2591209210","https://openalex.org/W1976299131"],"abstract_inverted_index":{"It":[0],"is":[1,33],"generally":[2],"accepted":[3],"that":[4,17,68],"early":[5],"determination":[6],"of":[7,15,22,43,59,116,137],"the":[8,13,20,40,44,57,63,99,109,114,117,124,134,138],"stakeholder":[9],"requirements":[10,27,42,61,91,111,120,136],"assists":[11],"in":[12,55,71],"development":[14],"systems":[16],"better":[18],"meet":[19],"needs":[21],"those":[23],"stakeholders.":[24],"General":[25],"security":[26,60,131],"frustrate":[28],"this":[29],"goal":[30],"because":[31],"it":[32],"difficult":[34],"to":[35,95,98,108,112],"determine":[36],"how":[37,48],"they":[38],"affect":[39],"functional":[41,64,90,110,135],"system.This":[45],"paper":[46],"illustrates":[47],"representing":[49],"threats":[50,79],"as":[51,104],"crosscutting":[52],"concerns":[53,132],"aids":[54],"determining":[56],"effect":[58],"on":[62,80],"requirements.":[65],"Assets":[66],"(objects":[67],"have":[69],"value":[70],"a":[72],"system)":[73],"are":[74,83,93,106,121],"first":[75],"enumerated,":[76],"and":[77,89,126],"then":[78],"these":[81],"assets":[82,88],"listed.":[84],"The":[85],"points":[86],"where":[87],"join":[92],"examined":[94],"expose":[96],"vulnerabilities":[97],"threats.":[100],"Security":[101],"requirements,":[102],"represented":[103],"constraints,":[105],"added":[107],"reduce":[113],"scope":[115],"vulnerabilities.":[118],"These":[119],"used":[122],"during":[123],"analysis":[125],"specification":[127],"process,":[128],"thereby":[129],"incorporating":[130],"into":[133],"system.":[139]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":2},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":2},{"year":2017,"cited_by_count":2},{"year":2016,"cited_by_count":4},{"year":2015,"cited_by_count":3},{"year":2014,"cited_by_count":4},{"year":2013,"cited_by_count":7},{"year":2012,"cited_by_count":3}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}