摘要： 提出了一种基于通用准则思想的分阶段的安全需求设计方法，讨论了其中早期安全需求分析阶段的主要工作内容。在此基础上，提出一种扩展i*框架的早期安全需求建模方法，并以一个面向通用准则EAL3评估级的工业数据采集系统的需求开发活动为例，详细阐述了该方法下系统早期安全需求模型的建立过程。

关键词: 信息安全, 通用准则, 需求工程, i*框架, 工业数据采集系统

Abstract: Based on common criteria, a three-phased requirement engineering method is presented. It focuses the early-phased security requirements engineering, and proposes an extended i* framework by defining new nodes and links. The extended model can model the relationships of security environments and security objectives precisely and visually, thus help to define the required security objectives. Taking the requirement development of an industrial data acquisition system as an example, the modeling processes based on the proposed model is discussed.

Key words: information security, common criteria, requirement engineering, i* framework, industrial data acquisition system

中图分类号: 

• TP311.52