Using trust assumptions with security requirements |
| |
| Authors: | Charles B Haley Robin C Laney Jonathan D Moffett Bashar Nuseibeh |
| |
| Affiliation: | (1) Department of Computing, The Open University, Walton Hall, MK7 6AA Milton Keynes, UK |
| |
| Abstract: | Assumptions are frequently made during requirements analysis of a system about the trustworthiness of its various components
(including human components). These trust assumptions, whether implicit or explicit, affect the scope of the analysis, derivation
of security requirements, and in some cases how functionality is realized. This paper presents trust assumptions in the context
of analysis of security requirements. A running example shows how trust assumptions can be used by a requirements engineer
to help define and limit the scope of analysis and to document the decisions made during the process. The paper concludes
with a case study examining the impact of trust assumptions on software that uses the secure electronic transaction specification.
|
| |
| Keywords: | |
| 本文献已被 SpringerLink 等数据库收录! |
|
