Fraunhofer-Gesellschaft

Publica

Here you will find scientific publications from the Fraunhofer Institutes.

The trouble with security requirements

 
Author: Türpe, Sven

Fulltext urn:nbn:de:0011-n-4677407 (271 KByte PDF)
MD5 Fingerprint: 103ed9ff75cddf2631067e3ecbd4005d
Created on: 3.10.2017


Institute of Electrical and Electronics Engineers -IEEE-; IEEE Computer Society:
IEEE 25th International Requirements Engineering Conference, RE 2017. Proceedings : 4-8 September 2017, Lisbon, Portugal
Los Alamitos, Calif.: IEEE Computer Society Conference Publishing Services (CPS), 2017
ISBN: 978-1-5386-3191-1
ISBN: 978-1-5386-3192-8
pp. 122-133
International Requirements Engineering Conference (RE) <25, 2017, Lisbon>
English
Conference Paper, Electronic Publication
Fraunhofer SIT
access control; analytical model; computer security; requirement engineering; software; stakeholder; information security; security risk; software design; solution design; system analysis and design; threat model; vulnerability

Abstract
Manifold approaches to security requirements engineering have been proposed, yet there is no consensus how to elicit, analyze, or express security needs. This perspective paper systematizes the problem space of security requirements engineering. Security needs result from the interplay of three dimensions: threats, security goals, and system design. Elementary statements can be made in each dimension, but such one-dimensional requirements remain partial and insufficient. To understand security needs, one has to analyze their interaction. Distinct analysis tasks arise for each pair of dimensions and are supported by different techniques: risk analysis, as in CORAS, between threats and security goals; security design, as exemplified by the framework of Haley et al., between goals and design; and security design analysis, such as Microsoft's threat modeling technique with data flow diagrams and STRIDE, between design and threats. All three perspectives are necessary to develop secure systems. Security requirements engineering must iterate through them, because threats determine the relevance of security goals, security design seeks ways to fulfill them, and design choices themselves influence threats and security goals.

URL: http://publica.fraunhofer.de/documents/N-467740.html