Reference : Suspicion-driven formal analysis of security requirements
Scientific congresses, symposiums and conference proceedings : Paper published in a journal
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/4736
Suspicion-driven formal analysis of security requirements
English
Amalio, Nuno mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
2009
SECURWARE 2009
IEEE
Yes
SECURWARE 2009
2009
Athens
Greece
[en] Security ; requirements ; formal analysis ; Event-Calculus ; planning ; confidentiality ; separation of duty
[en] Increasingly, engineers need to approach security and software engineering in a unified way. This paper presents an approach to the formal analysis of security requirements that is based on planning and uses the concept of suspicion to guide the search for threats and security vulnerabilities in requirements. The approach is tested and illustrated by conducting two experiments: one focussing on a system with a confidentiality security property, and another with an integrity security property enforced through the separation of duty principle. The paper shows that suspicion plays an important role in finding vulnerabilities and security threats in requirements.
http://hdl.handle.net/10993/4736
10.1109/SECURWARE.2009.40

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
SECURWARE09.pdfPublisher postprint260.64 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.