This position paper describes work on trust assumptions in the con-text of security requirements. We show how trust assumptions can affect the scope of the analysis, derivation of security requirements, and in some cases how functionality is realized. An example shows how trust assumptions are used by a requirements engineer to help define and limit the scope of analysis and to document the decisions made during the process
Abstract — As information security became an increasing concern for software developers and users, r...
In order to be effective, secure systems need to be both correct (i.e. effective when used as intend...
The last years have seen a number of proposals to incorporate Security Engineering into mainstream S...
When considering the security of a system, the analyst must simultaneously work with two types of pr...
When considering the security of a system, the analyst must simultaneously work with two types of pr...
When considering the security of a system, the analyst must simultaneously work with two types of pr...
This paper presents a framework for security requirements elicitation and analysis. The framework is...
This paper proposes using both formal and structured informal arguments to show that an eventual rea...
This paper presents a framework for security requirements elicitation and analysis, based upon the ...
It is generally accepted that early determination of the stakeholder requirements assists in the dev...
Everyone agrees that security is a problem, ranging from Microsoft to the banks that have been rece...
Research shows that commonly accepted security requirements are not generally applied in practice. I...
Part 1: Invited PaperInternational audienceThe computer security community has traditionally regarde...
Employing a design solution can satisfy some requirements while having negative side-effects on some...
As IT-systems become more complex they become more susceptible to suffering of security threats and ...
Abstract — As information security became an increasing concern for software developers and users, r...
In order to be effective, secure systems need to be both correct (i.e. effective when used as intend...
The last years have seen a number of proposals to incorporate Security Engineering into mainstream S...
When considering the security of a system, the analyst must simultaneously work with two types of pr...
When considering the security of a system, the analyst must simultaneously work with two types of pr...
When considering the security of a system, the analyst must simultaneously work with two types of pr...
This paper presents a framework for security requirements elicitation and analysis. The framework is...
This paper proposes using both formal and structured informal arguments to show that an eventual rea...
This paper presents a framework for security requirements elicitation and analysis, based upon the ...
It is generally accepted that early determination of the stakeholder requirements assists in the dev...
Everyone agrees that security is a problem, ranging from Microsoft to the banks that have been rece...
Research shows that commonly accepted security requirements are not generally applied in practice. I...
Part 1: Invited PaperInternational audienceThe computer security community has traditionally regarde...
Employing a design solution can satisfy some requirements while having negative side-effects on some...
As IT-systems become more complex they become more susceptible to suffering of security threats and ...
Abstract — As information security became an increasing concern for software developers and users, r...
In order to be effective, secure systems need to be both correct (i.e. effective when used as intend...
The last years have seen a number of proposals to incorporate Security Engineering into mainstream S...