The Open UniversitySkip to content
 

Deriving security requirements from crosscutting threat descriptions

Haley, Charles B.; Laney, Robin C. and Nuseibeh, Bashar (2004). Deriving security requirements from crosscutting threat descriptions. In: Proceedings of the 3rd international conference on aspect-oriented software development, ACM Press, New York, USA, pp. 112–121.

Full text available as:
[img]
Preview
PDF (Not Set) - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
Download (201Kb)
URL: http://portal.acm.org/citation.cfm?doid=976270.976...
DOI (Digital Object Identifier) Link: http://doi.org/10.1145/976270.976285
Google Scholar: Look up in Google Scholar

Abstract

It is generally accepted that early determination of the stakeholder requirements assists in the development of systems that better meet the needs of those stakeholders. General security requirements frustrate this goal because it is difficult to determine how they affect the functional requirements of the system.
This paper illustrates how representing threats as crosscutting concerns aids in determining the effect of security requirements on the functional requirements. Assets (objects that have value in a system) are first enumerated, and then threats on these assets are listed. The points where assets and functional requirements join are examined to expose vulnerabilities to the threats. Security requirements, represented as constraints, are added to the functional requirements to reduce the scope of the vulnerabilities. These requirements are used during the analysis and specification process, thereby incorporating security concerns into the functional requirements of the system.

Item Type: Conference Item
ISBN: 1-58113-842-3, 978-1-58113-842-9
Academic Unit/Department: Faculty of Science, Technology, Engineering and Mathematics (STEM) > Computing and Communications
Faculty of Science, Technology, Engineering and Mathematics (STEM)
Interdisciplinary Research Centre: Centre for Research in Computing (CRC)
Centre for Policing Research and Learning (CPRL)
Item ID: 2491
Depositing User: Charles Haley
Date Deposited: 13 Jun 2006
Last Modified: 05 Oct 2016 02:56
URI: http://oro.open.ac.uk/id/eprint/2491
Share this page:

Altmetrics

Scopus Citations

Download history for this item

These details should be considered as only a guide to the number of downloads performed manually. Algorithmic methods have been applied in an attempt to remove automated downloads from the displayed statistics but no guarantee can be made as to the accuracy of the figures.

▼ Automated document suggestions from open access sources

Actions (login may be required)

Policies | Disclaimer

© The Open University   + 44 (0)870 333 4340   general-enquiries@open.ac.uk