Systematic elicitation of security requirements in the context of AmI systems

Security is an emergent property of a system that cannot be added to the system design independently of functional features. Security requirements have to be addressed from the beginning of the system development. Unfortunately, software security engineering is still a relatively immature discipline even for conventional software systems. With the advent of systems designed according to the new paradigm of ambient intelligence (AmI), new security problems arise. In this report, we present useful approaches for a systematic elicitation of security requirements as a first step towards the engineering paradigm «secure by design». We survey existing methods and discuss their applicability in the context of the engineering of ambient intelligence systems. We address shortcomings of traditional approaches and suggest extensions to better cover the specific security needs of AmI systems.