Sciweavers

TSE
2008

Security Requirements Engineering: A Framework for Representation and Analysis

13 years 3 months ago
Security Requirements Engineering: A Framework for Representation and Analysis
This paper presents a framework for security requirements elicitation and analysis. The framework is based on constructing a context for the system, representing security requirements as constraints, and developing satisfaction arguments for the security requirements. The system context is described using a problem-oriented notation, then is validated against the security requirements through construction of a satisfaction argument. The satisfaction argument consists of two parts: a formal argument that the system can meet its security requirements and a structured informal argument supporting the assumptions expressed in the formal argument. The construction of the satisfaction argument may fail, revealing either that the security requirement cannot be satisfied in the context or that the context does not contain sufficient information to develop the argument. In this case, designers and architects are asked to provide additional design information to resolve the problems. We evaluate...
Charles B. Haley, Robin C. Laney, Jonathan D. Moff
Added 15 Dec 2010
Updated 15 Dec 2010
Type Journal
Year 2008
Where TSE
Authors Charles B. Haley, Robin C. Laney, Jonathan D. Moffett, Bashar Nuseibeh
Comments (0)