Abstract
This position paper describes work on trust assumptions in the context of security requirements. We show how trust assumptions can affect the scope of the analysis, derivation of security requirements, and in some cases how functionality is realized. An example shows how trust assumptions are used by a requirements engineer to help define and limit the scope of analysis and to document the decisions made during the process.
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Haley, C.B., Laney, R.C., Moffett, J.D., Nuseibeh, B. (2004). Picking Battles: The Impact of Trust Assumptions on the Elaboration of Security Requirements. In: Jensen, C., Poslad, S., Dimitrakos, T. (eds) Trust Management. iTrust 2004. Lecture Notes in Computer Science, vol 2995. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24747-0_27
DOI: https://doi.org/10.1007/978-3-540-24747-0_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-21312-3
Online ISBN: 978-3-540-24747-0
eBook Packages: Springer Book Archive