Elaborating Security Requirements by Construction of Intentional Anti-Models

9 years 10 months ago
Elaborating Security Requirements by Construction of Intentional Anti-Models
Caring for security at requirements engineering time is a message that has finally received some attention recently. However, it is not yet very clear how to achieve this systematically through the various stages of the requirements engineering process. The paper presents a constructive approach to the modeling, specification and analysis of applicationspecific security requirements. The method is based on a goal-oriented framework for generating and resolving obstacles to goal satisfaction. The extended framework addresses malicious obstacles (called anti-goals) set up by attackers to threaten security goals. Threat trees are built systematically through anti-goal refinement until leaf nodes are derived that are either software vulnerabilities observable by the attacker or anti-requirements implementable by this attacker. New security requirements are then obtained as countermeasures by application of threat resolution operators to the specification of the antirequirements and vulner...
Axel van Lamsweerde
Added 09 Dec 2009
Updated 09 Dec 2009
Type Conference
Year 2004
Where ICSE
Authors Axel van Lamsweerde
Comments (0)