The Open UniversitySkip to content
 

Using trust assumptions with security requirements

Haley, Charles B.; Laney, Robin C.; Moffett, Jonathan D. and Nuseibeh, Bashar (2006). Using trust assumptions with security requirements. Requirements Engineering, 11(2) pp. 138–151.

URL: http://www.springerlink.com/content/7383260n844t22...
DOI (Digital Object Identifier) Link: http://dx.doi.org/10.1007/s00766-005-0023-4
Google Scholar: Look up in Google Scholar

Abstract

Assumptions are frequently made during requirements analysis of a system about the trustworthiness of its various components (including human components). These trust assumptions, whether implicit or explicit, affect the scope of the analysis, derivation of security requirements, and in some cases how functionality is realized. This paper presents trust assumptions in the context of analysis of security requirements. A running example shows how trust assumptions can be used by a requirements engineer to help define and limit the scope of analysis and to document the decisions made during the process. The paper concludes with a case study examining the impact of trust assumptions on software that uses the Secure Electronic Transaction (SET) specification.

Item Type: Journal Article
ISSN: 0947-3602
Keywords: Security Requirements; Problem Frames
Academic Unit/Department: Mathematics, Computing and Technology > Computing & Communications
Interdisciplinary Research Centre: Centre for Research in Computing (CRC)
Item ID: 3272
Depositing User: Robin Laney
Date Deposited: 03 Jul 2006
Last Modified: 02 Dec 2010 19:49
URI: http://oro.open.ac.uk/id/eprint/3272
Share this page:

Actions (login may be required)

View Item
Report issue / request change

Policies | Disclaimer

© The Open University   + 44 (0)870 333 4340   general-enquiries@open.ac.uk