The effect of trust assumptions on the elaboration of security requirements

@inproceedings{Haley2004TheEO,
  title={The effect of trust assumptions on the elaboration of security requirements},
  author={Charles B. Haley and Robin C. Laney and Jonathan D. Moffett and Bashar Nuseibeh},
  booktitle={Proceedings. 12th IEEE International Requirements Engineering Conference, 2004.},
  year={2004},
  pages={102-111}
}
Assumptions are frequently made during requirements analysis of a system-to-be about the trustworthiness of its various components (including human components). These trust assumptions can affect the scope of the analysis, derivation of security requirements, and in some cases, how functionality is realized. This work presents trust assumptions in the context of analysis of security requirements. A running example shows how trust assumptions can be used by a requirements engineer to help define… 

Using trust assumptions with security requirements

TLDR
A running example shows how trust assumptions can be used by a requirements engineer to help define and limit the scope of analysis and to document the decisions made during the process.

Risky trust

TLDR
This paper presents a model using common security concepts to evaluate the security of a system under design and model the fact that small individual risks can be transformed into major risks when combined together in a complex attack.

Assessing the Effect of Software Failures on Trust Assumptions

  • Q. Feng, R. Lutz
  • Computer Science
    2008 19th International Symposium on Software Reliability Engineering (ISSRE)
  • 2008
TLDR
A technique is presented to assess whether software failures during operational use can invalidate the trust assumptions and, hence, the adequacy of the software's security; applying it identified four security-related software requirements for making the system more robust to denial-of-service attacks.

Engineering Trust Management into Software Models

TLDR
This paper proposes a multi-layer model detailing the integration of trust management access control with an application's model behavior, focuses on the Role-based Trust Management (RT) language, and suggests concerns specific to it.

Arguing Satisfaction of Security Requirements

TLDR
The chapter will present a process for security requirements elicitation and analysis, based around the construction of a satisfaction argument for the security of a system, which starts with the enumeration of security goals based on assets in the system, then uses these goals to derive security requirements in the form of constraints.

The Trust Management Model of Trusted Software

TLDR
A layered framework for the trust management model of trusted software, including three layers: the application behavior layer, the trust check engineer layer, and the trust policy layer is proposed, attempting to organize a complex security design into simpler layers that can be evaluated against security requirements.

Problem-based Derivation of Trustworthiness Requirements from Users’ Trust Concerns

TLDR
A problem-based requirements engineering method that specifically supports the derivation of trustworthiness requirements is suggested, and trustworthiness is designed into the cyber-physical systems (CPS) that support complex collaborative business processes.

A Framework for Systematic Refinement of Trustworthiness Requirements

TLDR
This paper proposes a user-centered trustworthiness requirement analysis and modeling framework that integrates the subjective trust concerns into goal models and embeds them into business process models as objective trustworthiness requirements.

Security Requirements Engineering: A Framework for Representation and Analysis

TLDR
The framework is based on constructing a context for the system, representing security requirements as constraints, and developing satisfaction arguments for the security requirements, and is evaluated by applying it to a security requirements analysis within an air traffic control technology evaluation project.

Arguing security: a framework for analyzing security requirements

This book presents a framework for security requirements elicitation and analysis. The framework is based on constructing a context for the system, representing security requirements as constraints,
...

References

Showing 10 of 29 references

Picking Battles: The Impact of Trust Assumptions on the Elaboration of Security Requirements

TLDR
It is shown how trust assumptions can affect the scope of the analysis, derivation of security requirements, and in some cases how functionality is realized.

Trust Management Tools for Internet Applications

TLDR
The SULTAN trust management toolkit for the specification, analysis and monitoring of trust specifications is presented, along with its components: the Specification Editor, the Analysis Tool, the Risk Service and the Monitoring Service.

A framework for security requirements engineering

This paper presents a framework for security requirements elicitation and analysis, based upon the construction of a context for the system and satisfaction arguments for the security of the system.

Trust (and mistrust) in secure applications

TLDR
The common trust assumptions and why they are often wrong are considered, along with how these trust assumptions can arise during an application's development process and how to minimize the number of problematic trust assumptions in an application.

Deriving security requirements from crosscutting threat descriptions

TLDR
This paper illustrates how representing threats as crosscutting concerns aids in determining the effect of security requirements on the functional requirements of the system.

Abuse-case-based assurance arguments

  • J. McDermott
  • Computer Science
    Seventeenth Annual Computer Security Applications Conference
  • 2001
This paper describes an extension to abuse-case-based security requirements analysis that provides a lightweight means of increasing assurance in security relevant software. The approach is adaptable

Security requirements engineering: when anti-requirements hit the fan

TLDR
A vision is of a future in which the security requirements engineering process is informed by organisational theory, which would act as the bridge between the well-ordered world of the software project informed by conventional requirements and the unexpected world of anti-requirements associated with the malicious user.

Requirement Engineering Meets Security: A Case Study on Modelling Secure Electronic Transactions by VISA and Mastercard

TLDR
It is shown that the i*/Tropos framework lacks the ability to capture these essential features and needs to be augmented, and the key missing concept is the separation of the notion of offering a service and ownership of the very same service.

Eliciting security requirements with misuse cases

TLDR
This paper presents a systematic approach to eliciting security requirements based on use cases, with emphasis on description and method guidelines, and is potentially useful for several other types of extra-functional requirements beyond security.

Elaborating security requirements by construction of intentional anti-models

  • A. V. Lamsweerde
  • Computer Science
    Proceedings. 26th International Conference on Software Engineering
  • 2004
TLDR
The paper presents a constructive approach to the modeling, specification and analysis of application-specific security requirements, based on a goal-oriented framework for generating and resolving obstacles to goal satisfaction.