The effect of trust assumptions on the elaboration of security requirements

  title={The effect of trust assumptions on the elaboration of security requirements},
  author={Charles B. Haley and Robin C. Laney and J. Moffett and B. Nuseibeh},
  journal={Proceedings. 12th IEEE International Requirements Engineering Conference, 2004.},
  • Charles B. Haley, Robin C. Laney, +1 author B. Nuseibeh
  • Published 2004
  • Computer Science
  • Proceedings. 12th IEEE International Requirements Engineering Conference, 2004.
  • Assumptions are frequently made during requirements analysis of a system-to-be about the trustworthiness of its various components (including human components). These trust assumptions can affect the scope of the analysis, derivation of security requirements, and in some cases, how functionality is realized. This work presents trust assumptions in the context of analysis of security requirements. A running example shows how trust assumptions can be used by a requirements engineer to help define… CONTINUE READING
    67 Citations
    Using trust assumptions with security requirements
    • 54
    • PDF
    Assessing the Effect of Software Failures on Trust Assumptions
    • Q. Feng, R. Lutz
    • Computer Science
    • 2008 19th International Symposium on Software Reliability Engineering (ISSRE)
    • 2008
    • 2
    Engineering Trust Management into Software Models
    • 9
    • PDF
    The Trust Management Model of Trusted Software
    • 2
    Problem-based Derivation of Trustworthiness Requirements from Users’ Trust Concerns
    • 1
    A Framework for Systematic Refinement of Trustworthiness Requirements
    • 7
    • PDF
    Security Requirements Engineering: A Framework for Representation and Analysis
    • 423
    • PDF


    Trust Management Tools for Internet Applications
    • 173
    • PDF
    A framework for security requirements engineering
    • 170
    • PDF
    Trust (and mistrust) in secure applications
    • 102
    Deriving security requirements from crosscutting threat descriptions
    • 105
    • PDF
    Abuse-case-based assurance arguments
    • J. McDermott
    • Computer Science
    • Seventeenth Annual Computer Security Applications Conference
    • 2001
    • 76
    Security requirements engineering: when anti-requirements hit the fan
    • 119
    • PDF
    Eliciting security requirements with misuse cases
    • 936
    • PDF
    Elaborating security requirements by construction of intentional anti-models
    • A. V. Lamsweerde
    • Engineering, Computer Science
    • Proceedings. 26th International Conference on Software Engineering
    • 2004
    • 452
    • PDF