Threat and Risk-Driven Security Requirements Engineering

Holger Schmidt (Technical University of Dortmund, Germany)
DOI: 10.4018/978-1-4666-2163-3.ch003


In this paper, the author aims to present a threat- and risk-driven methodology for security requirements engineering. The chosen approach has a strong focus on gathering, modeling, and analyzing the environment in which the secure ICT system to be built is located. The knowledge about the environment comprises threat and risk models. As presented in the paper, this security-relevant knowledge is used to assess the adequacy of security mechanisms, which are then selected to establish security requirements.
Chapter Preview

Case Study

We use the following software development problem as a case study to demonstrate the techniques presented in this paper.

A secure text editor should be developed. The text editor should enable an author to create, edit, open, and save text files. The text files should be stored confidentially. The informal security requirement (SR1) can be described as follows:

Preserve confidentiality of text file except for its file length for honest environment and prevent disclosure to malicious environment.

Note that we decided to focus on storing text files confidentially. The given software development problem can also be interpreted to mean that the security requirement covers confidential editing operations as well, e.g., confidential clipboard copies. To simplify matters, this is not covered in the security requirements analysis presented in this paper. For the same reason, the create and edit functionality of the secure text editor is not covered in our case study. In practice, it is very difficult to develop 100% confidential systems. Hence, as an example, we discuss an SR that allows the secure text editor to leak the text file length.
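To make SR1 concrete, the following added example (not code from the chapter or its author) shows one way a save/open mechanism can satisfy "confidential except for file length": the stored blob reveals nothing about the text to an environment without the key, but its size does reveal the plaintext byte length. The storage layout (nonce, ciphertext, tag), the use of HMAC-SHA256 in counter mode as a stand-in for a real stream cipher, and all function names are assumptions made for illustration; a production editor would use an established AEAD cipher instead.

```python
import hashlib
import hmac
import secrets

# Assumed storage layout: nonce (16 bytes) || ciphertext || HMAC tag (32 bytes).
NONCE_LEN = 16
TAG_LEN = 32


def _derive(master_key: bytes, label: bytes) -> bytes:
    """Derive an independent sub-key for encryption or authentication."""
    return hmac.new(master_key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as an illustrative keystream generator."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def save_confidentially(master_key: bytes, text: str) -> bytes:
    """Encrypt-then-MAC the text; only its UTF-8 byte length is observable."""
    enc_key, mac_key = _derive(master_key, b"enc"), _derive(master_key, b"mac")
    nonce = secrets.token_bytes(NONCE_LEN)
    plaintext = text.encode("utf-8")
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_confidentially(master_key: bytes, blob: bytes) -> str:
    """Verify the tag before decrypting; a wrong key or tampering is rejected."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("stored file too short to be valid")
    enc_key, mac_key = _derive(master_key, b"enc"), _derive(master_key, b"mac")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified file")
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return plaintext.decode("utf-8")


def leaked_file_length(blob: bytes) -> int:
    """What a malicious environment learns from the stored blob alone:
    the plaintext byte length (the leak SR1 explicitly permits)."""
    return len(blob) - NONCE_LEN - TAG_LEN


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed key for the honest environment
    blob = save_confidentially(key, "draft chapter: threat-driven SRE")
    print("recovered:", open_confidentially(key, blob))
    print("leaked length:", leaked_file_length(blob))
```

The `leaked_file_length` function is the point of the example: it shows exactly which information the requirement concedes to the malicious environment. If a later risk analysis judged even the length too revealing, the mitigation would be to pad plaintexts to a fixed block size before encryption, turning SR1 into a stricter requirement.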
