{"updated":"2025-01-22T01:01:18.065103+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00066497","sets":["581:582:5905"]},"path":["5905"],"owner":"11","recid":"66497","title":["効率的なセキュリティ要求分析手法の提案"],"pubdate":{"attribute_name":"公開日","attribute_value":"2009-10-15"},"_buckets":{"deposit":"6da464c5-c180-4038-9f9c-97858278e623"},"_deposit":{"id":"66497","pid":{"type":"depid","value":"66497","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"効率的なセキュリティ要求分析手法の提案","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"効率的なセキュリティ要求分析手法の提案"},{"subitem_title":"A Proposal of an Efficient Security Requirements Analysis Method","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"一般論文","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2009-10-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"株式会社富士通研究所／情報セキュリティ大学院大学"},{"subitem_text_value":"情報セキュリティ大学院大学"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Fujitsu Laboratories Limited / Institute of Information Security","subitem_text_language":"en"},{"subitem_text_value":"Institute of Information Security","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/66497/files/IPSJ-JNL5010009.pdf"},"date":[{"dateType":"Available","dateValue":"2011-10-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL5010009.pdf","filesize":[{"value":"555.1 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"04f465c0-5719-437f-b1ca-3665080bac70","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2009 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"大久保, 隆夫"},{"creatorName":"田中, 英彦"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Takao, Okubo","creatorNameLang":"en"},{"creatorName":"Hidehiko, Tanaka","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"本論文では，開発者全体にセキュリティ知識が浸透していない状況でも，効率的にセキュリティの要求策定を行うことができるセキュリティ要求分析手法を新規に提案する．提案手法の主な特徴は次の2点である．1点目は，セキュリティ知識を持つ者と，ソフトウェアのドメイン知識を持つ者とが分離していることを前提にした，アスペクト指向のセキュリティ要求策定プロセス（AOSRE）である，2点目は，要求分析の中でも負担の重い作業になっている脅威，対策案の抽出手法に対して，既存のミスユースケース図を新規に拡張し，保護資産やアーキテクチャの概念を追加することで分析者の作業の効率化および結果の共有を容易にした，資産ベースのミスユースケース手法（AsseMis）である．筆者らは提案した手法を実際のアプリケーション開発に適用し，効率化，有効性について評価を行った．","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"In this paper, we propose a new security requirements analysis method which enables efficient requirement elicitation even with limited security expertise. The proposed method contains two main features. One is a new aspect-oriented security requirements elicitation process (AOSRE) which is based on the assumption that the security expertise and the domain knowledge are isolated. The other is a new asset based misuse case approach (AsseMis) which extends a misuse case approach to improve efficiency of threat identification and understandability of results. We have applied our new approach to several application development projects evaluated the efficiency.","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"2499","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicPageStart":"2484","bibliographicIssueDates":{"bibliographicIssueDate":"2009-10-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"10","bibliographicVolumeNumber":"50"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"created":"2025-01-18T23:27:14.685279+00:00","id":66497,"links":{}}