
    Managing security control assumptions using causal traceability

    Security control specifications of software systems are designed to meet their security requirements. At design time it is difficult to know both the value of the assets and the intentions of attackers, so designers must make assumptions about the operational environment, and it is often these assumptions that conceal unexpected flaws. Diagnosing the causes of a violated security requirement therefore requires checking these design-time assumptions; otherwise the system may remain vulnerable to attack. Addressing such vulnerabilities requires an explicit understanding of how the security control specifications were derived from the original security requirements. However, assumptions are rarely documented explicitly or monitored during system operation. This paper proposes a systematic approach that monitors design-time assumptions explicitly through logs, using traceability links from requirements to specifications. The approach also helps identify which alternative security control specifications can satisfy a security requirement that the logs show to have been violated. The work is illustrated with an example of an electronic patient record system.
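    The following is an added illustration of the idea sketched in the abstract, not code from the paper: a requirement is linked to several candidate control specifications, each specification carries the design-time assumptions it depends on, and operational log events are checked against those assumptions. When the deployed specification's assumptions are contradicted by the logs, the traceability links are followed back to the requirement to find alternative specifications whose assumptions still hold. The requirement R1, specifications S1 to S3, assumptions A1 to A3 and the key=value log lines are all constructed for an electronic patient record scenario.

```python
"""Assumption monitoring via requirement-to-specification traceability.

Added illustration of the approach described in the abstract above; not the
paper's own code. The requirement, control specifications, assumptions and
log lines are constructed for an electronic patient record (EPR) scenario.
"""
from dataclasses import dataclass
from typing import Callable


@dataclass
class Assumption:
    id: str
    text: str
    # Returns True when a parsed log event contradicts the assumption.
    violated_by: Callable[[dict], bool]


@dataclass
class ControlSpec:
    id: str
    text: str
    assumptions: list


@dataclass
class Requirement:
    id: str
    text: str
    specs: list      # traceability links: requirement -> candidate control specs
    selected: str    # id of the specification currently deployed


def parse_log(line):
    """Parse a constructed 'key=value key=value' log line into a dict."""
    event = {}
    for token in line.split():
        key, _, value = token.partition("=")
        event[key] = value
    return event


def violated_assumptions(spec, events):
    """Ids of the spec's assumptions contradicted by at least one logged event."""
    return {a.id for a in spec.assumptions for ev in events if a.violated_by(ev)}


def diagnose(req, events):
    """Check the deployed spec's assumptions against the logs.

    On a violation, follow the traceability links back to the requirement and
    return the alternative specs whose own assumptions still hold in the logs.
    """
    deployed = next(s for s in req.specs if s.id == req.selected)
    broken = violated_assumptions(deployed, events)
    if not broken:
        return {"status": "ok", "violated": set(), "alternatives": []}
    alternatives = [s.id for s in req.specs
                    if s.id != deployed.id and not violated_assumptions(s, events)]
    return {"status": "violated", "violated": broken, "alternatives": alternatives}


def build_epr_requirement():
    """Constructed EPR example: one requirement, three candidate control specs."""
    a_rota = Assumption("A1", "ward role assignments are refreshed within 7 days",
                        lambda ev: ev.get("event") == "role_check"
                        and int(ev.get("role_age_days", "0")) > 7)
    a_team = Assumption("A2", "care-team lists are kept current by admissions",
                        lambda ev: ev.get("event") == "care_team_sync"
                        and ev.get("result") == "failed")
    a_audit = Assumption("A3", "break-glass accesses are reviewed within 24h",
                         lambda ev: ev.get("event") == "audit_review"
                         and int(ev.get("backlog_hours", "0")) > 24)
    s_rbac = ControlSpec("S1", "RBAC: read allowed for users holding the ward role", [a_rota])
    s_team = ControlSpec("S2", "read allowed only to members of the patient's care team", [a_team])
    s_glass = ControlSpec("S3", "break-glass read with mandatory audit review", [a_audit])
    return Requirement("R1", "only treating clinicians may read a patient's record",
                       [s_rbac, s_team, s_glass], selected="S1")


# Constructed log lines: the role-age entry contradicts A1, the audit backlog
# contradicts A3, and nothing contradicts A2.
SAMPLE_LOG = [
    "event=role_check user=u17 role_age_days=45 result=allow",
    "event=record_read user=u17 patient=p901",
    "event=care_team_sync result=ok",
    "event=audit_review backlog_hours=72",
]


def run_example(log_lines=SAMPLE_LOG):
    events = [parse_log(line) for line in log_lines]
    return diagnose(build_epr_requirement(), events)


if __name__ == "__main__":
    print(run_example())
```

    Running the block on the constructed log reports that S1's assumption A1 is violated and that S2 is the only alternative whose assumptions the logs do not contradict, since the audit backlog rules out S3. The point of keeping each assumption as an explicit predicate over log events is that the check can run continuously in operation rather than being rediscovered during an incident.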

    Security Requirements Specification and Tracing within Topological Functioning Model

    Specification and traceability of security requirements remain a challenge, since modeling and analysis of the security aspects of a system require additional effort at the very beginning of software development. The topological functioning model is a formal mathematical model that can serve as a reference model for the functional and non-functional requirements of a system, and therefore also for its security requirements. The purpose of this study is to determine how security requirements can be specified and traced using the topological functioning model. This article demonstrates the suggested approach and explains its potential benefits and limitations.