Picking Battles: the Impact of Trust Assumptions on the Elaboration of Security Requirements

Haley, Charles B.; Laney, Robin C.; Moffett, Jonathan D and Nuseibeh, Bashar (2003). Picking Battles: the Impact of Trust Assumptions on the Elaboration of Security Requirements. Technical Report 2003/19; Department of Computing, The Open University.

DOI: https://doi.org/10.21954/ou.ro.00016001

Abstract

Assumptions made during analysis of the requirements for a system-to-be about the trustworthi-ness of its various components (including human components) can have a significant effect on the specifications derived from the system's requirements. These trust assumptions can affect the scope of the analysis, derivation of security requirements, and in some cases how functionality is realized. This paper presents trust assumptions in the context of analysis of security requirements. A running example shows how trust assumptions are used by a requirements engineer to help define and limit the scope of analysis and to document the decisions made during the process.

Viewing alternatives

Download history

Metrics

Public Attention

Altmetrics from Altmetric

Number of Citations

Citations from Dimensions

Item Actions

Export

About

Recommendations