Arguing satisfaction of security requirements

Haley, Charles B.; Laney, Robin; Moffett, Jonathan D. and Nuseibeh, Bashar (2006). Arguing satisfaction of security requirements. In: Mouratidis, Haralambos and Giorgini, Paolo eds. Integrating security and software engineering: advances and future vision. Hershey, PA and London: Idea Group Publishing, pp. 15–42.

URL: http://www.idea-group.com/books/details.asp?ID=610...

Abstract

This chapter presents a process for security requirements elicitation and analysis,
based around the construction of a satisfaction argument for the security of a
system. The process starts with the enumeration of security goals based on assets
in the system, then uses these goals to derive security requirements in the form of
constraints. Next, a satisfaction argument for the system is constructed, using a
problem-centered representation, a formal proof to analyze properties that can be
demonstrated, and structured informal argumentation of the assumptions exposed
during construction of the argument. Constructing the satisfaction argument can
expose missing and inconsistent assumptions about system context and behavior
that effect security, and a completed argument provides assurances that a system
can respect its security requirements.

Viewing alternatives

Look up in Google Scholar

Download history

Download Accepted Manuscript (PDF / 460kB)

Item Actions

Export

You can export this page using these formats

About

Item ORO ID
2493
Item Type
Book Section
ISBN
1-59904-147-2, 978-1-59904-147-6
Academic Unit or School
Computing and Communications
Faculty of Science, Technology, Engineering and Mathematics (STEM)
Research Group
Centre for Research in Computing (CRC)
Depositing User
Charles Haley

CORE (COnnecting REpositories)

Open Research Online - ORO

Arguing satisfaction of security requirements

Abstract

Viewing alternatives

Download history

Item Actions

Export

About

The Open University

Explore

Undergraduate

Postgraduate

Policy

Follow us on Social media