The Open UniversitySkip to content
 

Security Requirements Engineering: A Framework for Representation and Analysis

Haley, Charles B.; Laney, Robin; Moffett, Jonathan D. and Nuseibeh, Bashar (2008). Security Requirements Engineering: A Framework for Representation and Analysis. IEEE Transactions on Software Engineering, 34(1) pp. 133–153.

Full text available as:
[img]
Preview
PDF (Not Set) - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
Download (3585Kb)
DOI (Digital Object Identifier) Link: http://dx.doi.org/10.1109/TSE.2007.70754
Google Scholar: Look up in Google Scholar

Abstract

This paper presents a framework for security requirements elicitation and analysis. The framework is based on constructing a context for the system, representing security requirements as constraints, and developing satisfaction arguments for the security requirements. The system context is described using a problem-oriented notation, then is validated against the security requirements through construction of a satisfaction argument. The satisfaction argument consists of two parts: a formal argument that the system can meet its security requirements and a structured informal argument supporting the assumptions expressed in the formal argument. The construction of the satisfaction argument may fail, revealing either that the security requirement cannot be satisfied in the context or that the context does not contain sufficient information to develop the argument. In this case, designers and architects are asked to provide additional design information to resolve the problems. We evaluate the framework by applying it to a security requirements analysis within an air traffic control technology evaluation project.

Item Type: Journal Article
Copyright Holders: 2008 IEEE
ISSN: 0098-5589
Extra Information: "©2008 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE."
Academic Unit/Department: Mathematics, Computing and Technology > Computing & Communications
Interdisciplinary Research Centre: Centre for Research in Computing (CRC)
Related URLs:
Item ID: 10058
Depositing User: Users 3 not found.
Date Deposited: 13 Nov 2007
Last Modified: 11 Jul 2013 09:08
URI: http://oro.open.ac.uk/id/eprint/10058
Share this page:

Actions (login may be required)

View Item
Report issue / request change

Policies | Disclaimer

© The Open University   + 44 (0)870 333 4340   general-enquiries@open.ac.uk