Trade-off analysis between security policies for Java mobile codes and requirements for Java application

Abstract

We propose a method for analyzing trade-off between security policies for Java mobile codes and requirements for Java application. We assume that mobile codes are downloaded from different sites, they are used in an application on a site, and their functions are restricted by security policies on the site. We clarify which functions to be performed under the policies on the site using our tool [H. Kaiya et al., (2002)]. We also clarify which functions are needed so as to meet the requirements for the application by goal oriented requirements analysis (GORA). By comparing functions derived from the policies and functions from the requirements, we find conflicts between the policies and the requirements, and also find vagueness of the requirements.