Affiliation:
1. The Open University, UK
Abstract
This chapter presents a process for security requirements elicitation and analysis, based around the construction of a satisfaction argument for the security of a system. The process starts with the enumeration of security goals based on assets in the system, then uses these goals to derive security requirements in the form of constraints. Next, a satisfaction argument for the system is constructed, using a problem-centered representation, a formal proof to analyze properties that can be demonstrated, and structured informal argumentation of the assumptions exposed during construction of the argument. Constructing the satisfaction argument can expose missing and inconsistent assumptions about system context and behavior that effect security, and a completed argument provides assurances that a system can respect its security requirements.
Cited by
9 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Verifikation und Validierung;Security by Design;2021
2. Graphical Modeling of Security Arguments: Current State and Future Directions;Graphical Models for Security;2018
3. Selecting Security Mechanisms in Secure Tropos;Trust, Privacy and Security in Digital Business;2017
4. Survey and analysis on Security Requirements Engineering;Computers & Electrical Engineering;2012-11
5. Secure by Design;International Journal of Secure Software Engineering;2011-07