Options
2016
Conference Paper
Titel
Eliciting and refining requirements for comprehensible security
Abstract
In this work we introduce the principle of comprehensible security, which demands that the security of an IT system is understandable for stakeholders. In particular, all assumptions made for the security mechanisms of an IT system ought to be well documented. Based on this principle, we propose a conceptual framework that facilitates communication between developers and stakeholders. Our framework uses a goal-oriented approach where requirements are gradually refined. Each refinement corresponds to a specific stage of the development process. In addition, requirements originating from legal constraints are also considered in our framework, because it is indispensable to consider applicable law when developing an IT system. Furthermore, since designing secure IT systems is an interdisciplinary challenge, our framework was also developed to facilitate collaboration between experts of different subfields of computer science. To this end, our framework provides a method for decomposing security requirements into tasks addressed within specific subfields.