Arguing Satisfaction of Security Requirements

Arguing Satisfaction of Security Requirements

C. B. Haley (The Open University, UK), R. Laney (The Open University, UK), J. D. Moffett (The Open University, UK) and B. Nuseibeh (The Open University, UK)
DOI: 10.4018/978-1-59904-147-6.ch002
OnDemand PDF Download:


This chapter presents a process for security requirements elicitation and analysis, based around the construction of a satisfaction argument for the security of a system. The process starts with the enumeration of security goals based on assets in the system, then uses these goals to derive security requirements in the form of constraints. Next, a satisfaction argument for the system is constructed, using a problem-centered representation, a formal proof to analyze properties that can be demonstrated, and structured informal argumentation of the assumptions exposed during construction of the argument. Constructing the satisfaction argument can expose missing and inconsistent assumptions about system context and behavior that effect security, and a completed argument provides assurances that a system can respect its security requirements.

Complete Chapter List

Search this Book:
Table of Contents
Bashar Nuseibeh
Paolo Giorgini, Haralambos Mouratidis
Chapter 1
H. Mouratidis, P. Giorgini
This chapter serves as an introduction to this book. It introduces software engineer-ing, security engineering, and secure software engineering... Sample PDF
Integrating Security and Software Engineering: An Introduction
Chapter 2
C. B. Haley, R. Laney, J. D. Moffett, B. Nuseibeh
This chapter presents a process for security requirements elicitation and analysis, based around the construction of a satisfaction argument for the... Sample PDF
Arguing Satisfaction of Security Requirements
Chapter 3
N. R. Mead
In this chapter, we describe general issues in developing security requirements, meth-ods that have been useful, and a method (SQUARE) that can be... Sample PDF
Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method
Chapter 4
E. Yu, L. Liu, J. Mylopoulous
As software becomes more and more entrenched in everyday life in today’s society, security looms large as an unsolved problem. Despite advances in... Sample PDF
A Social Ontology for Integrating Security and Software Engineering
Chapter 5
E. B. Fernandez, M. M. Larrondo-Petrie, T. Sorgente, M. Vanhilst
We are developing a methodology to build secure software for complex applications and its related support. This methodology considers the whole... Sample PDF
A Methodology to Develop Secure Systems Using Patterns
Chapter 6
M. Weiss
While many theoretical approaches to security engineering exist, they are often limited to systems of a certain complexity, and require security... Sample PDF
Modelling Security Patterns Using NFR Analysis
Chapter 7
M. Siponen, R. Baskerville, R. Kuivalainen
Software developers can use agile software development methods to build secure information systems. Current agile methods have few (if any) explicit... Sample PDF
Extending Security in Agile Software Development Methods
Chapter 8
P. Giorgini, H. Mouratidis, N. Zannone
Although the concepts of security and trust play an important issue in the development of information systems, they have been mainly neglected by... Sample PDF
Modelling Security and Trust with Secure Tropos
Chapter 9
S. H. Houmb, G. Georg, J. Jurjens, R. France
This chapter describes the integrated security veri?cation and security solution design trade-off analysis (SVDT) approach. SVDT is useful when... Sample PDF
An Integrated Security Verification and Security Solution Design Trade-Off Analysis Approach
Chapter 10
M. Koch, F. Parisi-Presicce, K. Pauls
Security requirements have become an integral part of most modern software systems. In order to produce secure systems, it is necessary to provide... Sample PDF
Access Control Specification in UML
Chapter 11
A. Mana, C. Rudolph, G. Spanoudakis, V. Lotz, F. Massacci, M. Melideo, J. S. Lopez-Cobo
The scenarios of Ambient Intelligence introduce a new computing paradigm and set new challenges for the design and engineering of secure and... Sample PDF
Security Engineering for Ambient Intelligence: A Manifesto
Chapter 12
H. Mouratidis, P. Giorgini
The previous chapters of this book have presented promising approaches in the secure software engineering ?eld. However, the ?eld is still in its... Sample PDF
Integrating Security and Software Engineering: Future Vision and Challenges
About the Authors