Abstract
We present an approach to security requirements engineering, which makes use of special kinds of problem frames that serve to structure, characterize, analyze, and solve software development problems in the area of software and system security.
In this paper, we focus on confidentiality problems. We extend previously published work with formal behavioral frame descriptions, which enable software engineers to specify security requirements unambiguously. Consequently, software engineers can prove that the envisaged solutions are functionally correct and that they fulfill the specified security requirements.
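The core difficulty the abstract alludes to, proving that a solution still meets a confidentiality requirement after the requirement has been formalized, is that ordinary behavioral refinement does not preserve information-flow properties: resolving nondeterminism can leak a secret through observable behavior. The following Python block is an added illustration of that point, not code or notation from the paper. It models a specification and two candidate solutions as small labelled transition systems, checks CSP-style trace refinement (the set of implementation traces is contained in the specification traces), and checks a simplified trace-based confidentiality property (the set of low-observable views must not depend on which secret was input). The process names, event names and the particular confidentiality definition are assumptions chosen for the example; the paper's own frame descriptions and property definitions are not reproduced here.

```python
"""Added illustration: trace refinement vs. confidentiality (not from the paper)."""
from collections import defaultdict

# Constructed event alphabet (assumption): two possible secret inputs,
# two outputs visible to an attacker.
HIGH = {"h0", "h1"}   # confidential inputs
LOW = {"l0", "l1"}    # publicly observable outputs

# Constructed labelled transition systems: state -> list of (event, next_state).
# SPEC: after reading a secret, the output is chosen nondeterministically.
SPEC = {"s0": [("h0", "s1"), ("h1", "s1")],
        "s1": [("l0", "s2"), ("l1", "s2")],
        "s2": []}
# IMPL_BAD resolves the nondeterminism by echoing the secret (a leak).
IMPL_BAD = {"s0": [("h0", "a"), ("h1", "b")],
            "a": [("l0", "s2")],
            "b": [("l1", "s2")],
            "s2": []}
# IMPL_GOOD resolves it with a constant output, independent of the secret.
IMPL_GOOD = {"s0": [("h0", "s1"), ("h1", "s1")],
             "s1": [("l0", "s2")],
             "s2": []}


def traces(lts, start="s0"):
    """Prefix-closed set of traces of a finite acyclic LTS (depth-first walk)."""
    result = set()
    stack = [(start, ())]
    while stack:
        state, trace = stack.pop()
        result.add(trace)
        for event, nxt in lts[state]:
            stack.append((nxt, trace + (event,)))
    return result


def refines(spec, impl):
    """Trace refinement in the CSP sense: every behaviour of impl is allowed by spec."""
    return traces(impl) <= traces(spec)


def low_view(trace):
    """What a low observer sees of a trace."""
    return tuple(e for e in trace if e in LOW)


def high_view(trace):
    """The sequence of secret inputs in a trace."""
    return tuple(e for e in trace if e in HIGH)


def is_confidential(lts):
    """Simplified information-flow property (assumption): for any two secret
    sequences of equal length, the sets of possible low views must coincide,
    so the observer learns nothing about which secret was input."""
    views = defaultdict(set)
    for t in traces(lts):
        views[high_view(t)].add(low_view(t))
    by_length = defaultdict(list)
    for h, v in views.items():
        by_length[len(h)].append(v)
    return all(all(v == vs[0] for v in vs) for vs in by_length.values())


def check(spec, impl):
    """Both checks a practitioner needs: functional refinement AND confidentiality."""
    return {"refines": refines(spec, impl), "confidential": is_confidential(impl)}


if __name__ == "__main__":
    print("SPEC confidential:", is_confidential(SPEC))
    print("IMPL_BAD:", check(SPEC, IMPL_BAD))    # refines, but leaks
    print("IMPL_GOOD:", check(SPEC, IMPL_GOOD))  # refines and stays confidential
```

`IMPL_BAD` passes the refinement check, since every one of its traces is a trace of `SPEC`, yet fails the confidentiality check: a low observer seeing `l1` learns that the secret was `h1`. This is why a confidentiality requirement has to be re-verified against each refinement step rather than inherited from the specification, which is the problem the paper's confidentiality-preserving refinement addresses.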
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
Cite this paper
Schmidt, H. (2009). Pattern-Based Confidentiality-Preserving Refinement. In: Massacci, F., Redwine, S.T., Zannone, N. (eds) Engineering Secure Software and Systems. ESSoS 2009. Lecture Notes in Computer Science, vol 5429. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00199-4_5
DOI: https://doi.org/10.1007/978-3-642-00199-4_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-00198-7
Online ISBN: 978-3-642-00199-4