Analyzing and Specifying Reusable Security Requirements
نویسنده
چکیده
A system cannot have high assurance if it has poor security, and thus, requirements for high assurance systems will logically include security requirements as well as availability, reliability, and robustness requirements. Unlike typical functional requirements, security requirements can potentially be highly reusable, especially if specified as instances of reusable templates. This paper discusses the value of reusable parameterized templates for specifying security requirements, provides an example of such a template and its associated usage, and outlines an asset-based analysis approach for determining the appropriate actual parameters to use when reusing parameterized templates to specify security requirements.
منابع مشابه
Specifying Reusable Security Requirements
Unlike typical functional requirements, security requirements can potentially be highly reusable, especially if specified as instances of reusable templates. In this column, I will discuss the concepts underlying security engineering including its quality subfactors. I will then address the issue of security requirements and how they differ from the architectural mechanisms that will fulfill th...
متن کاملManaging Security in Object-based Distributed Systems Using Ponder
Security management involves specification and deployment of access control policies as well as activities such as registration of users or logging and auditing events for dealing with access to critical resources or security violations. The management actions to be performed when an event occurs depend on the enterprise policy. Reusable composite policy specifications are important to cater fo...
متن کاملA Taxonomy of Security-Related Requirements
Safety and security are closely related subtypes of defensibility, another quality factor in a quality model. The close similarity between these two quality factors implies that a taxonomy of safety-related requirements is a good place to begin when developing an analogous taxonomy of security-related requirements. The resulting taxonomy consists of pure security requirements specifying minimum...
متن کاملDesigning Secure Systems Based on Open Architectures with Open Source and Closed Source Components
The development and evolution of secure open architecture systems has received insufficient consideration. Such systems are composed of both open source and closed software software components subject to different security requirements in an architecture in which evolution can occur by evolving existing components, replacing them, or refactoring their interfaces, interconnections and configurat...
متن کاملAttack Patterns for Security Requirements Engineering
The importance of security concerns at requirements engineering time is increasingly recognized. However, little support is available to help requirements engineers elaborate adequate, consistent, and complete security requirements. The paper presents a reuse-based approach for modeling, specifying, and analyzing application-specific security requirements. The method is based on a goal-oriented...
متن کامل