Security requirements engineering: when anti-requirements hit the fan

Author

Crook, Robert ; Ince, Darrel ; Lin, Luncheng ; Nuseibeh, Bashar

Author_Institution

Dept. of Comput., Open Univ., Milton Keynes, UK

fYear

2002

fDate

2002

Firstpage

203

Lastpage

205

Abstract

Everyone agrees that security is a problem, ranging from Microsoft to the banks that have been recent victims of rogue traders. What is paradoxical is that there does not seem to be a wholehearted commitment by both academics and industry to treat this topic systematically at the top level of requirements engineering. Our vision is of a future in which we inform the security requirements engineering process by organisational theory. This would act as the bridge between the well-ordered world of the software project informed by conventional requirements and the unexpected world of anti-requirements associated with the malicious user. We frame a vision for the requirements engineering community that would involve the community solving six difficult problems.

Keywords

formal specification; security of data; systems analysis; anti-requirements; information security; malicious user; organisational theory; security requirements engineering; software project; Access control; Availability; Bridges; Electrical equipment industry; Face detection; Information security; Information systems; Maintenance engineering; Privacy; Protection;

fLanguage

English

Publisher

ieee

Conference_Titel

Requirements Engineering, 2002. Proceedings. IEEE Joint International Conference on

ISSN

1090-705X

Print_ISBN

0-7695-1465-0

Type

conf

DOI

10.1109/ICRE.2002.1048527

Filename

1048527