This chapter presents a process for security requirements elicitation and analysis, based around the construction of a satisfaction argument for the security of a system. The process starts with the enumeration of security goals based on assets in the system, then uses these goals to derive security requirements in the form of constraints. Next, a satisfaction argument for the system is constructed, using a problem-centered representation, a formal proof to analyze properties that can be demonstrated, and structured informal argumentation of the assumptions exposed during construction of the argument. Constructing the satisfaction argument can expose missing and inconsistent assumptions about system context and behavior that effect...
AbstractSecurity is often an afterthought during software development. Realizing security early, esp...
peer reviewedIncreasingly, engineers need to approach security and software engineering in a unified...
Defining security requirements is the important first step in designing, implementing and evaluating...
This paper proposes using both formal and structured informal arguments to show that an eventual rea...
This paper presents a framework for security requirements elicitation and analysis. The framework is...
When considering the security of a system, the analyst must simultaneously work with two types of pr...
This paper presents a framework for security requirements elicitation and analysis, based upon the ...
When considering the security of a system, the analyst must simultaneously work with two types of pr...
When considering the security of a system, the analyst must simultaneously work with two types of pr...
This paper proposes using both formal and structured informal arguments to show that an eventual rea...
Context: Security considerations are typically incorporated in the later stages of development as an...
This position paper describes work on trust assumptions in the con-text of security requirements. We...
The elaboration of requirements is a crucial step in the development of software-intensive security-...
International audienceRecent security concerns related to future embedded systems make enforcement o...
It is generally accepted that early determination of the stakeholder requirements assists in the dev...
AbstractSecurity is often an afterthought during software development. Realizing security early, esp...
peer reviewedIncreasingly, engineers need to approach security and software engineering in a unified...
Defining security requirements is the important first step in designing, implementing and evaluating...
This paper proposes using both formal and structured informal arguments to show that an eventual rea...
This paper presents a framework for security requirements elicitation and analysis. The framework is...
When considering the security of a system, the analyst must simultaneously work with two types of pr...
This paper presents a framework for security requirements elicitation and analysis, based upon the ...
When considering the security of a system, the analyst must simultaneously work with two types of pr...
When considering the security of a system, the analyst must simultaneously work with two types of pr...
This paper proposes using both formal and structured informal arguments to show that an eventual rea...
Context: Security considerations are typically incorporated in the later stages of development as an...
This position paper describes work on trust assumptions in the con-text of security requirements. We...
The elaboration of requirements is a crucial step in the development of software-intensive security-...
International audienceRecent security concerns related to future embedded systems make enforcement o...
It is generally accepted that early determination of the stakeholder requirements assists in the dev...
AbstractSecurity is often an afterthought during software development. Realizing security early, esp...
peer reviewedIncreasingly, engineers need to approach security and software engineering in a unified...
Defining security requirements is the important first step in designing, implementing and evaluating...