Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Eliciting and refining requirements for comprehensible security

 
: Broadnax, B.; Birnstill, Pascal; Müller-Quade, J.; Beyerer, Jürgen

:
Volltext urn:nbn:de:0011-n-4189146 (325 KByte PDF)
MD5 Fingerprint: 2018e0df3eb14b3ceb495eac8565a014
Erstellt am: 4.11.2016


Ambacher, Oliver (Ed.); Wagner, Joachim (Ed.); Quay, Rüdiger (Ed.) ; Fraunhofer-Institut für Angewandte Festkörperphysik -IAF-, Freiburg/Brsg.:
Security Research Conference. 11th Future Security : Berlin, September 13-14, 2016. Proceedings
Stuttgart: Fraunhofer Verlag, 2016
ISBN: 978-3-8396-1011-4
S.323-330
Security Research Conference "Future Security" <11, 2016, Berlin>
Englisch
Konferenzbeitrag, Elektronische Publikation
Fraunhofer IOSB ()
information security; security requirements; comprehensible security

Abstract
In this work we introduce the principle of comprehensible security, which demands that the security of an IT system is understandable for stakeholders. In particular, all assumptions made for the security mechanisms of an IT system ought to be well documented. Based on this principle, we propose a conceptual framework that facilitates communication between developers and stakeholders. Our framework uses a goal-oriented approach where requirements are gradually refined. Each refinement corresponds to a specific stage of the development process. In addition, requirements originating from legal constraints are also considered in our framework, because it is indispensable to consider applicable law when developing an IT system. Furthermore, since designing secure IT systems is an interdisciplinary challenge, our framework was also developed to facilitate collaboration between experts of different subfields of computer science. To this end, our framework provides a method for decomposing security requirements into tasks addressed within specific subfields.

: http://publica.fraunhofer.de/dokumente/N-418914.html