Using trust assumptions with security requirements.
Saved in:
| Title: | Using trust assumptions with security requirements. |
|---|---|
| Authors: | Haley, Charles1 C.B.Haley@open.ac.uk, Laney, Robin1 R.C.Laney@open.ac.uk, Moffett, Jonathan1 J.Moffett@open.ac.uk, Nuseibeh, Bashar1 B.Nuseibeh@open.ac.uk |
| Source: | Requirements Engineering. May2006, Vol. 11 Issue 2, p138-151. 14p. 9 Diagrams. |
| Subjects: | Computer security standards, Computer software development, Information technology, Computer systems, System analysis, Human-computer interaction |
| Abstract: | Assumptions are frequently made during requirements analysis of a system about the trustworthiness of its various components (including human components). These trust assumptions, whether implicit or explicit, affect the scope of the analysis, derivation of security requirements, and in some cases how functionality is realized. This paper presents trust assumptions in the context of analysis of security requirements. A running example shows how trust assumptions can be used by a requirements engineer to help define and limit the scope of analysis and to document the decisions made during the process. The paper concludes with a case study examining the impact of trust assumptions on software that uses the secure electronic transaction specification. [ABSTRACT FROM AUTHOR] |
| Copyright of Requirements Engineering is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) | |
| Database: | Engineering Source |
| FullText | Links: – Type: pdflink Text: Availability: 0 |
|---|---|
| Header | DbId: egs DbLabel: Engineering Source An: 19617676 AccessLevel: 6 PubType: Academic Journal PubTypeId: academicJournal PreciseRelevancyScore: 0 |
| IllustrationInfo | |
| Items | – Name: Title Label: Title Group: Ti Data: Using trust assumptions with security requirements. – Name: Author Label: Authors Group: Au Data: <searchLink fieldCode="AR" term="%22Haley%2C+Charles%22">Haley, Charles</searchLink><relatesTo>1</relatesTo><i> C.B.Haley@open.ac.uk</i><br /><searchLink fieldCode="AR" term="%22Laney%2C+Robin%22">Laney, Robin</searchLink><relatesTo>1</relatesTo><i> R.C.Laney@open.ac.uk</i><br /><searchLink fieldCode="AR" term="%22Moffett%2C+Jonathan%22">Moffett, Jonathan</searchLink><relatesTo>1</relatesTo><i> J.Moffett@open.ac.uk</i><br /><searchLink fieldCode="AR" term="%22Nuseibeh%2C+Bashar%22">Nuseibeh, Bashar</searchLink><relatesTo>1</relatesTo><i> B.Nuseibeh@open.ac.uk</i> – Name: TitleSource Label: Source Group: Src Data: <searchLink fieldCode="JN" term="%22Requirements+Engineering%22">Requirements Engineering</searchLink>. May2006, Vol. 11 Issue 2, p138-151. 14p. 9 Diagrams. – Name: Subject Label: Subjects Group: Su Data: <searchLink fieldCode="DE" term="%22Computer+security+standards%22">Computer security standards</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+software+development%22">Computer software development</searchLink><br /><searchLink fieldCode="DE" term="%22Information+technology%22">Information technology</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+systems%22">Computer systems</searchLink><br /><searchLink fieldCode="DE" term="%22System+analysis%22">System analysis</searchLink><br /><searchLink fieldCode="DE" term="%22Human-computer+interaction%22">Human-computer interaction</searchLink> – Name: Abstract Label: Abstract Group: Ab Data: Assumptions are frequently made during requirements analysis of a system about the trustworthiness of its various components (including human components). These trust assumptions, whether implicit or explicit, affect the scope of the analysis, derivation of security requirements, and in some cases how functionality is realized. This paper presents trust assumptions in the context of analysis of security requirements. A running example shows how trust assumptions can be used by a requirements engineer to help define and limit the scope of analysis and to document the decisions made during the process. The paper concludes with a case study examining the impact of trust assumptions on software that uses the secure electronic transaction specification. [ABSTRACT FROM AUTHOR] – Name: AbstractSuppliedCopyright Label: Group: Ab Data: <i>Copyright of Requirements Engineering is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.) |
| PLink | https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=19617676 |
| RecordInfo | BibRecord: BibEntity: Identifiers: – Type: doi Value: 10.1007/s00766-005-0023-4 Languages: – Code: eng Text: English PhysicalDescription: Pagination: PageCount: 14 StartPage: 138 Subjects: – SubjectFull: Computer security standards Type: general – SubjectFull: Computer software development Type: general – SubjectFull: Information technology Type: general – SubjectFull: Computer systems Type: general – SubjectFull: System analysis Type: general – SubjectFull: Human-computer interaction Type: general Titles: – TitleFull: Using trust assumptions with security requirements. Type: main BibRelationships: HasContributorRelationships: – PersonEntity: Name: NameFull: Haley, Charles – PersonEntity: Name: NameFull: Laney, Robin – PersonEntity: Name: NameFull: Moffett, Jonathan – PersonEntity: Name: NameFull: Nuseibeh, Bashar IsPartOfRelationships: – BibEntity: Dates: – D: 01 M: 05 Text: May2006 Type: published Y: 2006 Identifiers: – Type: issn-print Value: 09473602 Numbering: – Type: volume Value: 11 – Type: issue Value: 2 Titles: – TitleFull: Requirements Engineering Type: main |
| ResultId | 1 |