Copy the page URI to the clipboard
Haley, Charles B.; Laney, Robin C. and Nuseibeh, Bashar (2005). Validating Security Requirements Using Structured Toulmin-Style Argumentation. Technical Report 2005/04; Department of Computing, The Open University.
DOI: https://doi.org/10.21954/ou.ro.00016034
Abstract
This paper proposes using structured informal argumentation to assist with determining whether the security requirements for a system satisfy the security goals, and whether an eventual realized system can satisfy the security requirements. We call these arguments 'satisfaction arguments', and propose a systematic approach for their construction. A satisfaction argument is typically probabilistic and unique to the system in its context. We use the argument form proposed by Toulmin for evidence-based argumentation, consisting of claims, grounds, warrants, and rebuttals. Building on our earlier work on trust assumptions and security requirements, we show how using satisfaction arguments assists both in locating inconsistencies between security requirements and their respective goals, and in exposing tacit or inconsistent assumptions about the properties of domains and their possible effects on the eventual security of a system.