A framework for security requirements engineering
| Autor: | Jonathan D. Moffett, Bashar Nuseibeh, Charles B. Haley, Robin Laney |
|---|---|
| Rok vydání: | 2006 |
| Předmět: |
Knowledge management
Non-functional requirement Requirements engineering Computer science business.industry Requirements elicitation Computer security model Security testing Security engineering ITIL security management Risk analysis (engineering) Argument Software security assurance Security through obscurity Security convergence business |
| Zdroj: | SESS@ICSE Software Engineering for Secure Systems Workshop (SESS'06), co-located with the 28th International Conference on Software Engineering (ICSE'06) |
| DOI: | 10.1145/1137627.1137634 |
| Popis: | This paper presents a framework for security requirements\ud elicitation and analysis, based upon the construction of a context for the system and satisfaction arguments for the security of the system. One starts with enumeration of security goals based on assets in the system. These goals are used to derive security requirements in the form of constraints. The system context is described using a problem-centered notation, then this context is\ud validated against the security requirements through construction of a satisfaction argument. The satisfaction argument is in two parts: a formal argument that the system can meet its security requirements, and a structured informal argument supporting the assumptions expressed in the formal argument. The construction\ud of the satisfaction argument may fail, revealing either that the security requirement cannot be satisfied in the context, or that the context does not contain sufficient information to develop the argument. In this case, designers and architects are asked to provide additional design information to resolve the problems. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|