We use the following software development problem as a case study to demonstrate the techniques presented in this paper.
A secure text editor should be developed. The text editor should enable an author to create, edit, open, and save text files. The text files should be stored confidentially.
The informal security requirement (SR1) can be described as follows:
Preserve the confidentiality of the text file, except for its file length, towards an honest environment, and prevent its disclosure to a malicious environment.
Note: We decide to focus on storing text files confidentially. The given software development problem can also be interpreted such that the security requirement also covers confidential editing operations, e.g., confidential clipboard copies. To simplify matters, this is not covered in the security requirements analysis presented in this paper. For the same reason, the create and edit functionality of the secure text editor is not covered in our case study. In practice, it is very difficult to develop systems that are 100% confidential. Hence, as an example, we discuss an SR that allows the secure text editor to leak the length of the text file.
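As an added illustration of SR1 (example code, not part of the paper's case study), the following save/open pair makes concrete what "confidential except for the file length" means for the stored file: the environment sees only the bytes written to storage, and the only fact it can recover from them is the text length. It assumes a 32-byte key known to the honest author only, and uses a constructed encrypt-then-MAC scheme (an HMAC-SHA256 keystream in counter mode plus an HMAC tag) because it keeps the ciphertext exactly as long as the plaintext; a production editor would use a standard AEAD such as AES-GCM instead of a hand-built construction.

```python
"""Model of SR1 for the secure text editor: the stored file is what the
environment observes; it reveals the text length and nothing else, and a
file modified by a malicious environment is rejected on open."""
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32          # SHA-256 output length
OVERHEAD = NONCE_LEN + TAG_LEN   # fixed bytes added to every stored file

def _subkeys(key: bytes):
    """Derive independent encryption and MAC keys from the author's key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: block i = HMAC(enc_key, nonce || i), cut to length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def save_text(key: bytes, text: str) -> bytes:
    """Encrypt the text for storage; the returned bytes are all the environment sees."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)                 # fresh per save, so equal texts differ
    data = text.encode("utf-8")
    body = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, nonce, len(data))))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def open_text(key: bytes, stored: bytes) -> str:
    """Decrypt a stored file; a truncated or modified file is rejected before decryption."""
    if len(stored) < OVERHEAD:
        raise ValueError("stored file is too short to be valid")
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = stored[:NONCE_LEN], stored[NONCE_LEN:-TAG_LEN], stored[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("stored file was modified")
    return bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, len(body)))).decode("utf-8")

def observable_length(stored: bytes) -> int:
    """The one fact SR1 permits the environment to learn: the text length in bytes."""
    return len(stored) - OVERHEAD
```

Two texts of the same length produce stored files of the same length, so an observer without the key cannot tell them apart by size, while any byte-level change to the file fails the tag check on open.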