Security and privacy requirements engineering for human centric IoT systems using eFRIEND and Isabelle

In this paper, we combine a framework for ethical requirement elicitation eFRIEND with automated reasoning. To provide trustworthy and secure IoT for vulnerable users in healthcare scenarios, we need to apply ethics to arrive at suitable system requirements. In order to map those to technical system requirements, we employ high level logical modeling using dedicated Isabelle frameworks for (1) infrastructures with human actors and security policies, (2) attack tree analysis, and (3) security protocol analysis. Following this outline, we apply these frameworks to a case study for supporting Security and Privacy when diagnosing Alzheimer’s patients with smartphone and sensor technolog

Security and privacy requirements engineering for human centric IoT systems using eFRIEND and Isabelle

In this paper, we combine a framework for ethical requirement elicitation eFRIEND with automated reasoning. To provide trustworthy and secure IoT for vulnerable users in healthcare scenarios, we need to apply ethics to arrive at suitable system requirements. In order to map those to technical system requirements, we employ high level logical modeling using dedicated Isabelle frameworks for (1) infrastructures with human actors and security policies, (2) attack tree analysis, and (3) security protocol analysis. Following this outline, we apply these frameworks to a case study for supporting Security and Privacy when diagnosing Alzheimer’s patients with smartphone and sensor technolog

Integrating Functional and Security Requirements Analysis using SOFL for Software Security Assurance

Formal methods have been applied to define requirements for safety and/or security critical software systems in some industrial sectors, but the challenge is the lack of a systematic way to take security issues into account in specifying the functional behaviors. In this paper, we propose a formal approach to expressing and explicitly interweaving security and functional requirements. With this approach, the functional behaviors of the system are precisely specified using the Structured Object Oriented Formal Language (SOFL), the security rules are systematically explored, and the result is properly incorporated into the functional specification as constraints. The resultant specification then defines the system functionality that implies the conformance to the security rules. Such a specification can be used as a firm foundation for implementation and testing of the implementation. We discuss the principle of interweaving security rules with functional specifications and present a case study to demonstrate the feasibility of our approac