Arguing security: validating security requirements using structured argumentation

Haley, Charles B.; Moffett, Jonathan D.; Laney, Robin and Nuseibeh, Bashar (2005). Arguing security: validating security requirements using structured argumentation. In: Third Symposium on Requirements Engineering for Information Security (SREIS'05) held in conjunction with the 13th International Requirements Engineering Conference (RE'05), 29 Aug 2005, Paris, France.


This paper proposes using both formal and structured informal arguments to show that an eventual realized system can satisfy its security requirements. These arguments, called 'satisfaction arguments', consist of two parts: a formal argument based upon claims about domain properties, and a set of informal arguments that justify the claims. Building on our earlier work on trust assumptions and security requirements, we show how using satisfaction arguments assists in clarifying how a system satisfies its security requirements, in the process identifying those properties of domains that are critical to the requirements.

Viewing alternatives

Download history

Item Actions