Arguing Satisfaction of Security Requirements

Arguing Satisfaction of Security Requirements

C. B. Haley (The Open University, UK), R. Laney (The Open University, UK), J. D. Moffett (The Open University, UK) and Bashar Nuseibeh (The Open University, UK)
DOI: 10.4018/978-1-59904-937-3.ch215
OnDemand PDF Download:
No Current Special Offers


This chapter presents a process for security requirements elicitation and analysis, based around the construction of a satisfaction argument for the security of a system. The process starts with the enumeration of security goals based on assets in the system, then uses these goals to derive security requirements in the form of constraints. Next, a satisfaction argument for the system is constructed, using a problem-centered representation, a formal proof to analyze properties that can be demonstrated, and structured informal argumentation of the assumptions exposed during construction of the argument. Constructing the satisfaction argument can expose missing and inconsistent assumptions about system context and behavior that effect security, and a completed argument provides assurances that a system can respect its security requirements.

Complete Chapter List

Search this Book: