The Security Requirements Behavior Model for Trustworthy Software

Abstract

The demand for web services and applications in cyberspace is hindered by security concerns that are raised by corporate service providers and service users. There are concerns about the trustworthiness of the web services from both sides of the spectrum. Testing web services security is a critical step towards enhancing their trustworthiness. To address these issues, we propose a comprehensive framework for specifying security requirements for web services and web applications. Based on these comprehensive security requirements specifications, formal security test case generation can then be derived and performed. In this paper, we introduce the Security Requirements Behavior Model (SRBM) to help obtaining secure and hence trustworthy web services and applications. Using Firesmith' security requirements categories, the SRBM is based on Sindre's misuse cases, Firesmith's security use cases, and the operational model of computer security.