Here you will find scientific publications from the Fraunhofer Institutes.

The trouble with security requirements

Türpe, Sven

Full text urn:nbn:de:0011-n-4677407 (271 KByte PDF)
MD5 Fingerprint: 103ed9ff75cddf2631067e3ecbd4005d
Created on: 3.10.2017

Institute of Electrical and Electronics Engineers -IEEE-; IEEE Computer Society:
IEEE 25th International Requirements Engineering Conference, RE 2017. Proceedings : 4-8 September 2017, Lisbon, Portugal
Los Alamitos, Calif.: IEEE Computer Society Conference Publishing Services (CPS), 2017
ISBN: 978-1-5386-3191-1
ISBN: 978-1-5386-3192-8
International Requirements Engineering Conference (RE) <25, 2017, Lisbon>
Conference paper, electronic publication
Fraunhofer SIT
access control; analytical model; computer security; requirement engineering; software; stakeholder; computer security; information security; security risk; software design; solution design; system analysis and design; threat model; vulnerability

Manifold approaches to security requirements engineering have been proposed, yet there is no consensus on how to elicit, analyze, or express security needs. This perspective paper systematizes the problem space of security requirements engineering. Security needs result from the interplay of three dimensions: threats, security goals, and system design. Elementary statements can be made in each dimension, but such one-dimensional requirements remain partial and insufficient. To understand security needs, one has to analyze their interaction. Distinct analysis tasks arise for each pair of dimensions and are supported by different techniques: risk analysis, as in CORAS, between threats and security goals; security design, as exemplified by the framework of Haley et al., between goals and design; and security design analysis, such as Microsoft's threat modeling technique with data flow diagrams and STRIDE, between design and threats. All three perspectives are necessary to develop secure systems. Security requirements engineering must iterate through them, because threats determine the relevance of security goals, security design seeks ways to fulfill them, and design choices themselves influence threats and security goals.