Bibliographic Item (1.0)

HaleyLaneyMoffettNuseibeh08
  1. Charles B Haley & Robert Laney & Jonathan Moffett & Bashar Nuseibeh
  2. Security Requirements Engineering: A Framework for Representation and Analysis
  3. IEEE Trans Software Engineering V34n1(Jan/Feb 2008)pp133-153
  4. =CASESTUDY SECURITY REQUIREMENTS METHOD
  5. Describes a complex process and set of languages that work from security goals, to assets that are to be protected (compare [Stoneburner06] ), to requirements, thence to arguments for a particular system design satisfying the requirements, and so to the assumptions that can be rebutted, and the mitigation of the rebuttals and so forth.
  6. Security requirements are non-functional requirements and are closely related to the context of the machine being designed.
  7. Must expose assumptions about the machine and its context.
  8. Arguments that the system satisfies the requirements lead to lists of assumptions that can be challenged (WHY?) and rebutted.
  9. Rebuttals lead to mitigators that change the context and/or the requirements. In turn the mitigators can be rebutted, and so on.
  10. Hence an iterative process making the design more secure.
  11. Uses Jackson Problem Frames ( [Jackson95c] [Jackson01] ), simplified [Toulmin79] arguments, Propositional logic, and a causal logic based on
  12. Event1 shall cause Event2.
  13. Outer_argument::=Formal logic showing the design satisfies the requirement and exposing assumptions
  14. Inner_argument::=Explores assumptions in terms of rebuttals and mitigators.
  15. Process involves engineers and stakeholders in intense and fruitful discussion.
  16. (dick)|-Compare [Lakatos76] model of the mathematical process. Also methods used to achieve safety.
