Using trust assumptions with security requirements.

Saved in:
Bibliographic Details
Title: Using trust assumptions with security requirements.
Authors: Haley, Charles1 C.B.Haley@open.ac.uk, Laney, Robin1 R.C.Laney@open.ac.uk, Moffett, Jonathan1 J.Moffett@open.ac.uk, Nuseibeh, Bashar1 B.Nuseibeh@open.ac.uk
Source: Requirements Engineering. May2006, Vol. 11 Issue 2, p138-151. 14p. 9 Diagrams.
Subjects: Computer security standards, Computer software development, Information technology, Computer systems, System analysis, Human-computer interaction
Abstract: Assumptions are frequently made during requirements analysis of a system about the trustworthiness of its various components (including human components). These trust assumptions, whether implicit or explicit, affect the scope of the analysis, derivation of security requirements, and in some cases how functionality is realized. This paper presents trust assumptions in the context of analysis of security requirements. A running example shows how trust assumptions can be used by a requirements engineer to help define and limit the scope of analysis and to document the decisions made during the process. The paper concludes with a case study examining the impact of trust assumptions on software that uses the secure electronic transaction specification. [ABSTRACT FROM AUTHOR]
Copyright of Requirements Engineering is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
FullText Links:
  – Type: pdflink
Text:
  Availability: 0
Header DbId: egs
DbLabel: Engineering Source
An: 19617676
AccessLevel: 6
PubType: Academic Journal
PubTypeId: academicJournal
PreciseRelevancyScore: 0
IllustrationInfo
Items – Name: Title
  Label: Title
  Group: Ti
  Data: Using trust assumptions with security requirements.
– Name: Author
  Label: Authors
  Group: Au
  Data: <searchLink fieldCode="AR" term="%22Haley%2C+Charles%22">Haley, Charles</searchLink><relatesTo>1</relatesTo><i> C.B.Haley@open.ac.uk</i><br /><searchLink fieldCode="AR" term="%22Laney%2C+Robin%22">Laney, Robin</searchLink><relatesTo>1</relatesTo><i> R.C.Laney@open.ac.uk</i><br /><searchLink fieldCode="AR" term="%22Moffett%2C+Jonathan%22">Moffett, Jonathan</searchLink><relatesTo>1</relatesTo><i> J.Moffett@open.ac.uk</i><br /><searchLink fieldCode="AR" term="%22Nuseibeh%2C+Bashar%22">Nuseibeh, Bashar</searchLink><relatesTo>1</relatesTo><i> B.Nuseibeh@open.ac.uk</i>
– Name: TitleSource
  Label: Source
  Group: Src
  Data: <searchLink fieldCode="JN" term="%22Requirements+Engineering%22">Requirements Engineering</searchLink>. May2006, Vol. 11 Issue 2, p138-151. 14p. 9 Diagrams.
– Name: Subject
  Label: Subjects
  Group: Su
  Data: <searchLink fieldCode="DE" term="%22Computer+security+standards%22">Computer security standards</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+software+development%22">Computer software development</searchLink><br /><searchLink fieldCode="DE" term="%22Information+technology%22">Information technology</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+systems%22">Computer systems</searchLink><br /><searchLink fieldCode="DE" term="%22System+analysis%22">System analysis</searchLink><br /><searchLink fieldCode="DE" term="%22Human-computer+interaction%22">Human-computer interaction</searchLink>
– Name: Abstract
  Label: Abstract
  Group: Ab
  Data: Assumptions are frequently made during requirements analysis of a system about the trustworthiness of its various components (including human components). These trust assumptions, whether implicit or explicit, affect the scope of the analysis, derivation of security requirements, and in some cases how functionality is realized. This paper presents trust assumptions in the context of analysis of security requirements. A running example shows how trust assumptions can be used by a requirements engineer to help define and limit the scope of analysis and to document the decisions made during the process. The paper concludes with a case study examining the impact of trust assumptions on software that uses the secure electronic transaction specification. [ABSTRACT FROM AUTHOR]
– Name: AbstractSuppliedCopyright
  Label:
  Group: Ab
  Data: <i>Copyright of Requirements Engineering is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.)
PLink https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=19617676
RecordInfo BibRecord:
  BibEntity:
    Identifiers:
      – Type: doi
        Value: 10.1007/s00766-005-0023-4
    Languages:
      – Code: eng
        Text: English
    PhysicalDescription:
      Pagination:
        PageCount: 14
        StartPage: 138
    Subjects:
      – SubjectFull: Computer security standards
        Type: general
      – SubjectFull: Computer software development
        Type: general
      – SubjectFull: Information technology
        Type: general
      – SubjectFull: Computer systems
        Type: general
      – SubjectFull: System analysis
        Type: general
      – SubjectFull: Human-computer interaction
        Type: general
    Titles:
      – TitleFull: Using trust assumptions with security requirements.
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: Haley, Charles
      – PersonEntity:
          Name:
            NameFull: Laney, Robin
      – PersonEntity:
          Name:
            NameFull: Moffett, Jonathan
      – PersonEntity:
          Name:
            NameFull: Nuseibeh, Bashar
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 01
              M: 05
              Text: May2006
              Type: published
              Y: 2006
          Identifiers:
            – Type: issn-print
              Value: 09473602
          Numbering:
            – Type: volume
              Value: 11
            – Type: issue
              Value: 2
          Titles:
            – TitleFull: Requirements Engineering
              Type: main
ResultId 1