Title :
The effect of trust assumptions on the elaboration of security requirements
Author :
Haley, Charles B. ; Laney, Robin C. ; Moffett, Jonathan D. ; Nuseibeh, Bashar
Author_Institution :
Dept. of Comput., Open Univ., Milton Keynes, UK
Abstract :
Assumptions are frequently made during requirements analysis of a system-to-be about the trustworthiness of its various components (including human components). These trust assumptions can affect the scope of the analysis, derivation of security requirements, and in some cases, how functionality is realized. This work presents trust assumptions in the context of analysis of security requirements. A running example shows how trust assumptions can be used by a requirements engineer to help define and limit the scope of analysis and to document the decisions made during the process. The paper concludes with a case study examining the impact of trust assumptions on software that uses the secure electronic transaction (SET) specification.
Keywords :
electronic commerce; formal specification; security of data; requirements analysis; requirements engineering; secure electronic transaction specification; security requirements; trust assumptions; Accidents; Computer science; Computer security; Design engineering; Educational institutions; Humans; Information security; Maintenance engineering; Protection; Text analysis;
Conference_Titel :
Requirements Engineering Conference, 2004. Proceedings. 12th IEEE International
Print_ISBN :
0-7695-2174-6
DOI :
10.1109/ICRE.2004.1335668
