The effect of trust assumptions on the elaboration of security requirements

The effect of trust assumptions on the elaboration of security requirements

Assumptions are frequently made during requirements analysis of a system-to-be about the trustworthiness of its various components (including human components). These trust assumptions can affect the scope of the analysis, derivation of security requirements, and in some cases, how functionality is...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Haley, C.B., Laney, R.C., Moffett, J.D., Nuseibeh, B.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Accidents
Applied sciences
Computer science
Computer science
control theory
systems
Computer security
Design engineering
Educational institutions
Exact sciences and technology
Humans
Information security
Maintenance engineering
Protection
Software
Software engineering
Text analysis
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Assumptions are frequently made during requirements analysis of a system-to-be about the trustworthiness of its various components (including human components). These trust assumptions can affect the scope of the analysis, derivation of security requirements, and in some cases, how functionality is realized. This work presents trust assumptions in the context of analysis of security requirements. A running example shows how trust assumptions can be used by a requirements engineer to help define and limit the scope of analysis and to document the decisions made during the process. The paper concludes with a case study examining the impact of trust assumptions on software that uses the secure electronic transaction (SET) specification.
ISSN:1090-705X
2332-6441
DOI:10.1109/ICRE.2004.1335668