Location of Repository

Arguing satisfaction of security requirements

By Charles B. Haley, Robin Laney, Jonathan D. Moffett and Bashar Nuseibeh

Abstract

This chapter presents a process for security requirements elicitation and analysis,\ud based around the construction of a satisfaction argument for the security of a\ud system. The process starts with the enumeration of security goals based on assets\ud in the system, then uses these goals to derive security requirements in the form of\ud constraints. Next, a satisfaction argument for the system is constructed, using a\ud problem-centered representation, a formal proof to analyze properties that can be\ud demonstrated, and structured informal argumentation of the assumptions exposed\ud during construction of the argument. Constructing the satisfaction argument can\ud expose missing and inconsistent assumptions about system context and behavior\ud that effect security, and a completed argument provides assurances that a system\ud can respect its security requirements

Publisher: Idea Group Publishing
Year: 2006
OAI identifier: oai:oro.open.ac.uk:2493
Provided by: Open Research Online

Suggested articles

Preview


To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.