A methodology for defining application-specific security requirements for C3 systems

It is noted that novel approaches are needed to ensure that the potential security risks inherent in the technologically advanced C3 (command, control, and communications) systems of the future are overcome. Crucial to these approaches is the ability to define system security requirements and security policies early in the development process and to refine them as needed throughout the process. A security requirements definition methodology (SRDM) has been developed for addressing these needs by helping nonsecurity technologists analyze and specify the security requirements of their C3 applications in application-specific terms. SRDM features a security requirements specification language (SRSL); a library of reusable SRSL specification building blocks derived from a comprehensive taxonomy of C3 security requirements; and a requirements definition process to promote optimal use of the language and library