怀疑驱动的安全需求形式化分析

2009 Third International Conference on Emerging Security Information, Systems and Technologies Pub Date : 2009-06-18 DOI:10.1109/SECURWARE.2009.40

N. Amálio

{"title":"怀疑驱动的安全需求形式化分析","authors":"N. Amálio","doi":"10.1109/SECURWARE.2009.40","DOIUrl":null,"url":null,"abstract":"Increasingly, engineers need to approach security and software engineering in a unified way. This paper presents an approach to the formal analysis of security requirements that is based on planning and uses the concept of suspicion to guide the search for threats and security vulnerabilities in requirements. The approach is tested and illustrated by conducting two experiments: one focussing on a system with a confidentiality security property, and another with an integrity security property enforced through the separation of duty principle. The paper shows that suspicion plays an important rôle in finding vulnerabilities and security threats in requirements.","PeriodicalId":382947,"journal":{"name":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Suspicion-Driven Formal Analysis of Security Requirements\",\"authors\":\"N. Amálio\",\"doi\":\"10.1109/SECURWARE.2009.40\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Increasingly, engineers need to approach security and software engineering in a unified way. This paper presents an approach to the formal analysis of security requirements that is based on planning and uses the concept of suspicion to guide the search for threats and security vulnerabilities in requirements. The approach is tested and illustrated by conducting two experiments: one focussing on a system with a confidentiality security property, and another with an integrity security property enforced through the separation of duty principle. The paper shows that suspicion plays an important rôle in finding vulnerabilities and security threats in requirements.\",\"PeriodicalId\":382947,\"journal\":{\"name\":\"2009 Third International Conference on Emerging Security Information, Systems and Technologies\",\"volume\":\"3 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-06-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 Third International Conference on Emerging Security Information, Systems and Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SECURWARE.2009.40\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECURWARE.2009.40","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

摘要

越来越多的工程师需要以统一的方式处理安全和软件工程。本文提出了一种基于计划的对安全需求进行形式化分析的方法，并使用怀疑的概念来指导对需求中的威胁和安全漏洞的搜索。通过进行两个实验对该方法进行了测试和说明:一个实验关注具有机密性安全属性的系统，另一个实验关注通过职责分离原则强制执行的完整性安全属性。本文表明，怀疑在发现需求中的漏洞和安全威胁方面起着重要的rôle作用。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Suspicion-Driven Formal Analysis of Security Requirements

Increasingly, engineers need to approach security and software engineering in a unified way. This paper presents an approach to the formal analysis of security requirements that is based on planning and uses the concept of suspicion to guide the search for threats and security vulnerabilities in requirements. The approach is tested and illustrated by conducting two experiments: one focussing on a system with a confidentiality security property, and another with an integrity security property enforced through the separation of duty principle. The paper shows that suspicion plays an important rôle in finding vulnerabilities and security threats in requirements.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2009 Third International Conference on Emerging Security Information, Systems and Technologies

自引率

0.00%

发文量