10 research outputs found

    Arguing security: validating security requirements using structured argumentation

    This paper proposes using both formal and structured informal arguments to show that an eventual realized system can satisfy its security requirements. These arguments, called 'satisfaction arguments', consist of two parts: a formal argument based upon claims about domain properties, and a set of informal arguments that justify the claims. Building on our earlier work on trust assumptions and security requirements, we show how using satisfaction arguments assists in clarifying how a system satisfies its security requirements, in the process identifying those properties of domains that are critical to the requirements.

    Analysis of Existing Approaches to Constructing Component-based Systems Directly from Natural Language Requirements

    System development generally starts with the Requirements Engineering (RE) process. Based on the requirements, system analysts produce the requirements documents and analyze them in order to produce design documents. These artefacts are inputs to the later stages of system development. It is argued that during the transition between these stages, given the many other factors involved, information may be missed out or misinterpreted along the way. Hence, a better transition in the development cycle is required. This paper outlines and analyzes the existing approaches in the literature on constructing systems from natural language requirements (NLR), so as to motivate a new approach to constructing component-based systems from NLR.

    Eliciting requirements and scenarios using the SCTL-MUS methodology. The shuttle system case study

    The development of complex systems demands methodologies that conveniently support the stakeholders in the creative tasks. In this paper, we present a methodology for the incremental elicitation of requirements and scenarios, driven by the integration checks performed over a state machine that represents the global behavior of the desired system.

    A bi-directional analysis technique for software safety and software security

    With the recent rapid development of software technology, safety-critical and security-critical software is playing a more important role in people's lives. The importance of system safety and system security has promoted much research on systematic techniques to develop complete safety and security requirements. Among the techniques used in the analysis of software safety, bi-directional analysis has shown promise in security requirements analysis. This method combines a forward search from potential failure modes to their effects with a backward search from feasible hazards to the contributing causes of each hazard. We use bi-directional analysis to investigate the requirements for two applications in the areas of safety analysis and security analysis. The two contributions of this work both involve the application of bi-directional analysis and develop systematic methods to apply it to these two different types of non-functional requirements analysis. The first application constructs a systematic safety requirements analysis technique for a smart door product line. The final results include a reusable safety analysis and the discovery of missing safety requirements. The second application investigates a systematic security requirements technique for a Delay Tolerant Network protocol called the Bundle Protocol. This work improves an existing security analysis technique by integrating it with bi-directional analysis to demonstrate and challenge the correctness and completeness of the resulting security requirements specifications. We also report the discovery of missing security requirements and the remediation of the security requirements. Both applications explore the technique of applying bi-directional analysis to software safety analysis and software security analysis and find that bi-directional analysis assists in finding incorrect and incomplete requirements.

    Situation-oriented requirements engineering

    The establishment of smart environments, the Internet of Things (IoT) and socio-technical systems has introduced many challenges to the software development process. One main challenge is software requirements gathering, which needs to address issues in a broader spectrum than traditional standalone software development. Consideration of the bigger picture, which includes the software, its domain, the components of the domain and especially the interactions between the software and the surrounding domain components, including both human and other system entities, is essential to gathering reliable requirements. However, most traditional Requirements Engineering approaches lack such a comprehensive overview. The main objective of this work is to introduce a human-centered approach to Requirements Engineering in order to push the boundaries of traditional concepts to be more suitable for the development of modern socio-technical systems in smart environments. A major challenge of introducing a human-centered approach is to effectively identify the related human factors, especially since each individual has unique desires, goals and behaviors. Our proposed solution is to use the observational data sets generated by smart environments as a resource to extract individuals' unique personalities and behaviors related to the software design. The concept of situations defined in our earlier study is used to represent the human and domain related aspects, including human desires, goals, beliefs, interactions with the system and the constrained environment. In the first stage of this work, a computational model called the situation-transition structure is developed to understand the discrete factors and behavior patterns of individuals through the observational data. During the second stage, the information mined from the situation-transition structure is applied to propose new human-centered approaches to support the main Requirements Engineering concepts: requirements elicitation, risk management, and prioritization. The pertinence of the proposed work is illustrated through several case studies. The conclusion sets out some future research directions.

    Arguing Security: A Framework for Analyzing Security Requirements

    When considering the security of a system, the analyst must simultaneously work with two types of properties: those that can be shown to be true, and those that must be argued as being true. The first consists of properties that can be demonstrated conclusively, such as the type of encryption in use or the existence of an authentication scheme. The second consists of things that cannot be so demonstrated but must be considered true for a system to be secure, such as the trustworthiness of a public key infrastructure or the willingness of people to keep their passwords secure. The choices represented by the second case are called trust assumptions, and the analyst should supply arguments explaining why the trust assumptions are valid. This thesis presents three novel contributions: a framework for security requirements elicitation and analysis, based upon the construction of a context for the system; an explicit place and role for trust assumptions in security requirements; and structured satisfaction arguments to validate that a system can satisfy the security requirements. The system context is described using a problem-centered notation, then validated against the security requirements through construction of a satisfaction argument. The satisfaction argument is in two parts: a formal argument that the system can meet its security requirements, and structured informal arguments supporting the assumptions exposed during argument construction. If one cannot construct a convincing argument, designers are asked to provide design information to resolve the problems and another pass is made through the framework to verify that the proposed solution satisfies the requirements. Alternatively, stakeholders are asked to modify the goals for the system so that the problems can be resolved or avoided. The contributions are evaluated by using the framework to do a security requirements analysis within an air traffic control technology evaluation project.

    A Model for a Causal Logic for Requirements Engineering

    The language of causation is natural for the specification of requirements for complex systems. The paper provides a vocabulary of causal specification expressions, suitable for describing and analysing such systems. The notation is given a syntax and partial semantics. It covers many of the commonly-used modes of causal language, including necessary and sufficient cause, prevention and enabling conditions. The concept of condition splitting is introduced, enabling a specification at an abstract level to treat two conditions as identical, while a concrete refinement of it may view them as separate. A number of other issues are examined, including: repetitive, probabilistic and hidden causes; causal agents; the validation of causal descriptions; and concurrency. Possible approaches to the development of causal specifications are discussed. The work is placed in the context of related work in artificial intelligence and philosophy. The detailed framework of the paper is supported by a realistic example.