Abstract:Security specifications of IT products and systems are inherently complex and may subject products to semantic threats due to misunderstanding of key aspects of security objectives by developers, customers and end users. A study is conducted on expressing the security specifications by specially interpreted UML use case diagrams to avoid misunderstanding by peer groups, i.e. to prevent semantic threats at the development phase through improved comprehension of security specifications. We base our results on en… Show more
“…The first aim is to extend the notation to cover the entire Protection Profile or Security Target in addition to the security environment and security objectives. Some results are given in [20]. By systematically transforming the security objectives diagram into a security requirement diagram where SFR specifications can be incorporated and then further into a security function diagram where TOE Summary Specification artifacts can be incorporated, all remaining security specification components can be incorporated into a collection of diagrams.…”
Section: Discussionmentioning
confidence: 99%
“…Security objective definitions and tracings can be derived from the diagrams but the demonstration of suitability requires knowledge of security functions specified as part of the TOE Summary Specification. Diagrams for expressing security requirements and security functions, and for generating suitability claims among further rationales have been presented in [20].…”
“…The first aim is to extend the notation to cover the entire Protection Profile or Security Target in addition to the security environment and security objectives. Some results are given in [20]. By systematically transforming the security objectives diagram into a security requirement diagram where SFR specifications can be incorporated and then further into a security function diagram where TOE Summary Specification artifacts can be incorporated, all remaining security specification components can be incorporated into a collection of diagrams.…”
Section: Discussionmentioning
confidence: 99%
“…Security objective definitions and tracings can be derived from the diagrams but the demonstration of suitability requires knowledge of security functions specified as part of the TOE Summary Specification. Diagrams for expressing security requirements and security functions, and for generating suitability claims among further rationales have been presented in [20].…”
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.