Reasoning about confidentiality at requirements engineering time

Landtsheer, Renaud De; Lamsweerde, Axel van

doi:10.1145/1081706.1081715

Cited by 24 publications

(18 citation statements)

References 35 publications

(42 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…De Landtsheer and van Lamsweerde propose modeling which properties agents, authorized or not, can know [22]. The Tropos project, e.g., [29], takes a similar view, but extended to include agents' intentions and explicit trust delegation.…”

Section: Security Requirements From Privacy and Trustmentioning

confidence: 99%

Security Requirements Engineering: A Framework for Representation and Analysis

Haley

Laney

Moffett

et al. 2008

IIEEE Trans. Software Eng.

350

256

View full text Add to dashboard Cite

Abstract-This paper presents a framework for security requirements elicitation and analysis. The framework is based on constructing a context for the system, representing security requirements as constraints, and developing satisfaction arguments for the security requirements. The system context is described using a problem-oriented notation, then is validated against the security requirements through construction of a satisfaction argument. The satisfaction argument consists of two parts: a formal argument that the system can meet its security requirements and a structured informal argument supporting the assumptions expressed in the formal argument. The construction of the satisfaction argument may fail, revealing either that the security requirement cannot be satisfied in the context or that the context does not contain sufficient information to develop the argument. In this case, designers and architects are asked to provide additional design information to resolve the problems. We evaluate the framework by applying it to a security requirements analysis within an air traffic control technology evaluation project.

show abstract

Section: Security Requirements From Privacy and Trustmentioning

confidence: 99%

Security Requirements Engineering: A Framework for Representation and Analysis

Haley

Laney

Moffett

et al. 2008

IIEEE Trans. Software Eng.

350

256

View full text Add to dashboard Cite

show abstract

“…De Landtsheer and van Lamsweerde [3] model confidentiality claims as specification patterns, representing properties that unauthorised agents should not know. They identify violations of confidentiality claims in terms of counterexample scenarios present in requirements models.…”

Section: Related Workmentioning

confidence: 99%

Managing Security Requirements Conflicts in Socio-Technical Systems

Paja

Dalpiaz

Giorgini

2013

Conceptual Modeling

View full text Add to dashboard Cite

Abstract. Requirements are inherently prone to conflicts, for they originate from stakeholders with different, often opposite, needs. Security requirements are no exception. Importantly, their violation leads to severe effects, including privacy infringement, legal sanctions, and exposure to security attacks. Today's systems are Socio-Technical Systems (STSs): they consist of autonomous participants (humans, organisations, software) that interact to get things done. In STSs, security is not just a technical challenge, but it needs to consider the social components of STSs too. We have previously proposed STS-ml, a security requirements modelling language for STSs that expresses security requirements as contractual constraints over the interactions among STS participants. In this paper, we build on top of STS-ml and propose a framework that, via automated reasoning techniques, supports the identification and management of conflicts in security requirements models. We apply our framework to a case study about e-Government, and report on promising scalability results of our implementation.

show abstract

“…There may be many threats to security of resources and information e.g. unauthorized access to resources and information, changing the information during the transmission, or disabling the authorized access [2] etc.…”

Section: Introductionmentioning

confidence: 99%

Design of Secure and Traceable Requirement Engineering Process for Security-Sensitive Projects

Ahad¹,

Tariq²,

Niaz³

et al. 2017

JSEA

View full text Add to dashboard Cite

With continuous evolution in software industry, security is becoming very important in software projects. However, in many development methodologies, security is thought to be added in the project at later stages of the development lifecycle. There are also many proposed methodologies where the security measures are considered at requirement engineering stage of the development lifecycle, but many of them still do not seem adequate for applicability due to the reason that these approaches do not provide sufficient support for mapping the security requirements to the later stages of development. So, we are in need of a software requirement engineering approach, which is not only helpful in security requirement specification at requirement engineering stage but also provides support for using the specified security requirements at later stages of development. To meet this requirement, we introduce a new method Secure and Traceable Requirement Engineering Process (STREP). This method also helps the non-security-expert requirement engineers to specify requirements in such a way that the specified requirements can be used to derive security related test cases. STREP method not only deals with security issues of the system at requirement engineering stage, but also makes the security requirements more traceable to be used at later stages of development lifecycle, and as a result, secure systems are produced that are also usable as the customer wishes.

show abstract

Reasoning about confidentiality at requirements engineering time

Cited by 24 publications

References 35 publications

Security Requirements Engineering: A Framework for Representation and Analysis

Security Requirements Engineering: A Framework for Representation and Analysis

Managing Security Requirements Conflicts in Socio-Technical Systems

Design of Secure and Traceable Requirement Engineering Process for Security-Sensitive Projects

Contact Info

Product

Resources

About