The Open UniversitySkip to content
 

Arguing satisfaction of security requirements

Haley, Charles B.; Laney, Robin; Moffett, Jonathan D. and Nuseibeh, Bashar (2006). Arguing satisfaction of security requirements. In: Mouratidis, Haralambos and Giorgini, Paolo eds. Integrating security and software engineering: advances and future vision. Hershey, PA and London: Idea Group Publishing, pp. 15–42.

Full text available as:
[img]
Preview
PDF (Not Set) - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
Download (449Kb)
URL: http://www.idea-group.com/books/details.asp?ID=610...
Google Scholar: Look up in Google Scholar

Abstract

This chapter presents a process for security requirements elicitation and analysis,
based around the construction of a satisfaction argument for the security of a
system. The process starts with the enumeration of security goals based on assets
in the system, then uses these goals to derive security requirements in the form of
constraints. Next, a satisfaction argument for the system is constructed, using a
problem-centered representation, a formal proof to analyze properties that can be
demonstrated, and structured informal argumentation of the assumptions exposed
during construction of the argument. Constructing the satisfaction argument can
expose missing and inconsistent assumptions about system context and behavior
that effect security, and a completed argument provides assurances that a system
can respect its security requirements.

Item Type: Book Chapter
ISBN: 1-59904-147-2, 978-1-59904-147-6
Academic Unit/Department: Mathematics, Computing and Technology > Computing & Communications
Mathematics, Computing and Technology
Interdisciplinary Research Centre: Centre for Research in Computing (CRC)
Item ID: 2493
Depositing User: Charles Haley
Date Deposited: 21 Jun 2006
Last Modified: 25 Feb 2016 14:26
URI: http://oro.open.ac.uk/id/eprint/2493
Share this page:

► Automated document suggestions from open access sources

Download history for this item

These details should be considered as only a guide to the number of downloads performed manually. Algorithmic methods have been applied in an attempt to remove automated downloads from the displayed statistics but no guarantee can be made as to the accuracy of the figures.

Actions (login may be required)

Policies | Disclaimer

© The Open University   + 44 (0)870 333 4340   general-enquiries@open.ac.uk