Abstract: This paper presents a framework for security requirements elicitation and analysis. The framework is based on constructing a context for the system, representing security requirements as constraints, and developing satisfaction arguments for the security requirements. The system context is described using a problem-oriented notation, then is validated against the security requirements through construction of a satisfaction argument. The satisfaction argument consists of two parts: a formal argument that the system can meet its security requirements and a structured informal argument supporting the assumptions expressed in the formal argument. The construction of the satisfaction argument may fail, revealing either that the security requirement cannot be satisfied in the context or that the context does not contain sufficient information to develop the argument. In this case, designers and architects are asked to provide additional design information to resolve the problems. We evaluate the framework by applying it to a security requirements analysis within an air traffic control technology evaluation project.
Radon-222 is a naturally occurring radioactive gas that is responsible for approximately half of the human annual background radiation exposure globally. Chronic exposure to radon and its decay products is estimated to be the second leading cause of lung cancer behind smoking, and links to other forms of neoplasms have been postulated. Ionizing radiation emitted during the radioactive decay of radon and its progeny can induce a variety of cytogenetic effects that can be biologically damaging and result in an increased risk of carcinogenesis. Suggested effects produced as a result of alpha particle exposure from radon include mutations, chromosome aberrations, generation of reactive oxygen species, modification of the cell cycle, up or down regulation of cytokines and the increased production of proteins associated with cell-cycle regulation and carcinogenesis. A number of potential biomarkers of exposure, including translocations at codon 249 of TP53 in addition to HPRT mutations, have been suggested although, in conclusion, the evidence for such hotspots is insufficient. There is also substantial evidence of bystander effects, which may provide complications when calculating risk estimates as a result of exposure, particularly at low doses where cellular responses often appear to deviate from the linear, no-threshold hypothesis. At low doses, effects may also be dependent on cellular conditions as opposed to dose. The cellular and molecular carcinogenic effects of radon exposure have been observed to be both numerous and complex and the elevated chronic exposure of man may therefore pose a significant public health risk that may extend beyond the association with lung carcinogenesis.
Problem frames provide a means of analyzing and decomposing
This paper presents a framework for security requirements elicitation and analysis, based upon the construction of a context for the system and satisfaction arguments for the security of the system. One starts with enumeration of security goals based on assets in the system. These goals are used to derive security requirements in the form of constraints. The system context is described using a problem-centered notation, then this context is validated against the security requirements through construction of a satisfaction argument. The satisfaction argument is in two parts: a formal argument that the system can meet its security requirements, and a structured informal argument supporting the assumptions expressed in the formal argument. The construction of the satisfaction argument may fail, revealing either that the security requirement cannot be satisfied in the context, or that the context does not contain sufficient information to develop the argument. In this case, designers and architects are asked to provide additional design information to resolve the problems.
It is generally accepted that early determination of the stakeholder requirements assists in the development of systems that better meet the needs of those stakeholders. General security requirements frustrate this goal because it is difficult to determine how they affect the functional requirements of the system. This paper illustrates how representing threats as crosscutting concerns aids in determining the effect of security requirements on the functional requirements. Assets (objects that have value in a system) are first enumerated, and then threats on these assets are listed. The points where assets and functional requirements join are examined to expose vulnerabilities to the threats. Security requirements, represented as constraints, are added to the functional requirements to reduce the scope of the vulnerabilities. These requirements are used during the analysis and specification process, thereby incorporating security concerns into the functional requirements of the system.