Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
SIGSOFT
2005
ACM
2005
ACM
Reasoning about confidentiality at requirements engineering time
Growing attention is being paid to application security at requirements engineering time. Confidentiality is a particular subclass of security concerns that requires sensitive information to never be disclosed to unauthorized agents. Disclosure refers to undesired knowledge states of such agents. In previous work we have extended our requirements specification framework with epistemic constructs for capturing what agents may or may not know about the application. Roughly, an agent knows some property if the latter is found in the agent's memory. This paper makes the semantics of such constructs further precise through a formal model of how sensitive information may appear or disappear in an agent's memory. Based on this extended framework, a catalog of specification patterns is proposed to codify families of confidentiality requirements. A proof-ofconcept tool is presented for early checking of requirements models against such confidentiality patterns. In case of violation, ...
Real-time TrafficConfidentiality Patterns | Confidentiality Requirements | Requirements Specification Framework | SIGSOFT 2005 | Software Engineering |
Related Content
| Added | 20 Nov 2009 |
| Updated | 20 Nov 2009 |
| Type | Conference |
| Year | 2005 |
| Where | SIGSOFT |
| Authors | Renaud De Landtsheer, Axel van Lamsweerde |
Comments (0)
Researcher Info
|
