72 research outputs found

    A framework for security requirements engineering

    This paper presents a framework for security requirements elicitation and analysis, based upon the construction of a context for the system and satisfaction arguments for the security of the system. One starts with enumeration of security goals based on assets in the system. These goals are used to derive security requirements in the form of constraints. The system context is described using a problem-centered notation, then this context is validated against the security requirements through construction of a satisfaction argument. The satisfaction argument is in two parts: a formal argument that the system can meet its security requirements, and a structured informal argument supporting the assumptions expressed in the formal argument. The construction of the satisfaction argument may fail, revealing either that the security requirement cannot be satisfied in the context, or that the context does not contain sufficient information to develop the argument. In this case, designers and architects are asked to provide additional design information to resolve the problems.

    Towards a new generation of security requirements definition based on the use of ontologies (original title: Vers une nouvelle génération de définition des exigences de sécurité fondée sur l'utilisation des ontologies)

    National audience. In recent years, the security of Information Systems (IS) has become a major concern that must be taken into account in all phases of IS development, including the initial phase of requirements engineering (RE). Recent studies propose some useful approaches for defining security requirements. However, analysts continue to suffer from a significant lack of knowledge about security and about the business domain of enterprises. Ontologies are known to be rich sources of such knowledge. In this research, we propose to bring ontologies into the requirements engineering process. We want to show that relying on ontologies to support this process is a key success factor in defining high-quality security requirements.

    Towards a new generation of security requirements definition methodology using ontologies

    International audience. In recent years, security in Information Systems (IS) has become an important issue, and needs to be taken into account in all stages of IS development, including the early phase of Requirements Engineering (RE). Recent studies proposed some useful approaches for security requirements definition, but analysts still suffer from a considerable lack of knowledge about security and the domain field. Ontologies are known to be wide sources of knowledge. We propose in this research to include ontologies in the requirements engineering process. Ontologies are factors in achieving success in requirements elicitation of high quality.

    A Systematic Framework for Structured Object-Oriented Security Requirements Analysis in Embedded Systems

    The primary goal of this paper is to develop a structured object-oriented security requirements analysis methodology for the elicitation and analysis of security requirements in embedded systems. There are several approaches to elicit, analyze and specify security requirements in embedded systems, ranging from formal mathematical models for proof of certain security properties to informal methods that are easily understood. Applicability of formal security models is limited because they are complex and time-consuming to develop. On the other hand, informal security requirements analysis methods are not integrated with conceptual models in requirements analysis, and although both external and internal threats have been dealt with using use cases and misuse cases, they provide no process for analyzing both internal and external threats in a structured manner. This paper discusses a structured object-oriented security requirements analysis methodology for the elicitation and analysis of security requirements in embedded systems. It is capable of identifying hierarchically, level by level, both external and internal threats posed by both external and internal actors of a system. It is illustrated and validated by security requirements analysis for an advanced embedded power grid control system.

    Identifying Potential Security Flaws using Loophole Analysis and the SECREt

    In contemporary software development there are a number of methods that attempt to ensure the security of a system. Many of these methods are however introduced in the latter stages of development, or try to address the issues of securing a software system by envisioning possible threats to that system, knowledge that is usually both subjective and esoteric. In this paper we introduce the concept of path fixation and discuss how contradictory paths or loopholes, discovered during requirements engineering and using only a requirements specification document, can lead to potential security flaws in a proposed system. The SECREt is a proof-of-concept prototype tool developed to demonstrate the effectiveness of loophole analysis. We discuss how the tool performs a loophole analysis and present the results of tests conducted on an actual specification document. We conclude that loophole analysis is an effective, objective method for the discovery of potential vulnerabilities that exist in proposed systems and that the SECREt can be successfully incorporated into the requirements engineering process.

    Towards a Catalogue of Reusable Security Requirements, Vulnerabilities and Threats

    Organizations are giving more importance to securing their systems due to the increasing number of cyber-attacks and their inherent complexity. The aim of our work is to help organizations plan for and consider these security concerns from the very beginning, starting in the requirements and design phases, and not just later in the implementation or deployment phases. Adopting security-by-design and security-by-default principles is a good approach to avoid rework costs or to mitigate security flaws. However, there is not yet a suitable approach to specify security requirements in a rigorous and systematic way. In this paper we propose an approach that allows the definition and specification of security-specific concerns such as security requirements, but also vulnerabilities, risks or threats. We discuss this approach based on two key parts: First, we introduce the RSLingo RSL language, which is a rigorous requirements specification language, and discuss how it is extended to support such security-specific concepts. Second, we argue for the relevance of a catalogue of reusable security-specific specifications and then show concrete examples of defining and using such specifications. The proposed catalogue can be easily used and extended by the community and currently comprises 52 goals, 12 vulnerabilities and 31 risks; these concerns are organized into 9 packages, each representing a distinct asset.