We found a match
Your institution may have rights to this item. Sign in to continue.
- Title
Using trust assumptions with security requirements.
- Authors
Haley, Charles; Laney, Robin; Moffett, Jonathan; Nuseibeh, Bashar
- Abstract
Assumptions are frequently made during requirements analysis of a system about the trustworthiness of its various components (including human components). These trust assumptions, whether implicit or explicit, affect the scope of the analysis, derivation of security requirements, and in some cases how functionality is realized. This paper presents trust assumptions in the context of analysis of security requirements. A running example shows how trust assumptions can be used by a requirements engineer to help define and limit the scope of analysis and to document the decisions made during the process. The paper concludes with a case study examining the impact of trust assumptions on software that uses the secure electronic transaction specification.
- Subjects
COMPUTER security standards; COMPUTER software development; INFORMATION technology; COMPUTER systems; SYSTEM analysis; HUMAN-computer interaction
- Publication
Requirements Engineering, 2006, Vol 11, Issue 2, p138
- ISSN
0947-3602
- Publication type
Article
- DOI
10.1007/s00766-005-0023-4