Haley, Charles B.; Moffett, Jonathan D.; Laney, Robin and Nuseibeh, Bashar
Arguing security: validating security requirements using structured argumentation.
In: Third Symposium on Requirements Engineering for Information Security (SREIS'05) held in conjunction with the 13th International Requirements Engineering Conference (RE'05), 29 Aug 2005, Paris, France.
Full text available as:
This paper proposes using both formal and structured informal arguments to show that an eventual realized system can satisfy its security requirements. These arguments, called 'satisfaction arguments', consist of two parts: a formal argument based upon claims about domain properties, and a set of informal arguments that justify the claims. Building on our earlier work on trust assumptions and security requirements, we show how using satisfaction arguments assists in clarifying how a system satisfies its security requirements, in the process identifying those properties of domains that are critical to the requirements.
Actions (login may be required)