The Open University

Arguing satisfaction of security requirements

Haley, Charles B; Laney, Robin; Moffett, Jonathan D and Nuseibeh, Bashar (2008). Arguing satisfaction of security requirements. In: Nemati, Hamid ed. Information Security and Ethics: Concepts, Methodologies, Tools, and Applications, Volume 4. Information Science Reference.

URL: http://www.igi-global.com/reference/details.asp?id...

Abstract

When considering the security of a system, the analyst must simultaneously work with two types of properties: those that can be shown to be true, and those that must be argued as being true. The first consists of properties that can be demonstrated conclusively, such as the type of encryption in use or the existence of an authentication scheme. The second consists of things that cannot be so demonstrated but must be considered true for a system to be secure, such as the trustworthiness of a public key infrastructure or the willingness of people to keep their passwords secure. The choices represented by the second case are called trust assumptions, and the analyst should supply arguments explaining why the trust assumptions are valid.
The chapter will present a process for security requirements elicitation and analysis, based around the construction of a satisfaction argument for the security of a system. The process starts with the enumeration of security goals based on assets in the system, then uses these goals to derive security requirements in the form of constraints. The satisfaction argument is then constructed using a problem-centered representation, a formal proof to analyze properties that can be demonstrated, and structured informal argumentation of the trust assumptions exposed during construction of the argument.

Item Type: Book Chapter
Copyright Holders: 2008 Information Science Reference
ISBN: 1-59904-937-6, 978-1-59904-937-3
Academic Unit/Department: Mathematics, Computing and Technology > Computing & Communications
Interdisciplinary Research Centre: Centre for Research in Computing (CRC)
Item ID: 18878
Depositing User: Charles Haley
Date Deposited: 02 Dec 2009 15:30
Last Modified: 02 Dec 2010 20:40
URI: http://oro.open.ac.uk/id/eprint/18878