• DocumentCode
    3068659
  • Title

    Suspicion-Driven Formal Analysis of Security Requirements

  • Author

    Amalio, Nuno

  • Author_Institution
    Univ. of Luxembourg, Luxembourg
  • fYear
    2009
  • fDate
    18-23 June 2009
  • Firstpage
    217
  • Lastpage
    223
  • Abstract
    Increasingly, engineers need to approach security and software engineering in a unified way. This paper presents an approach to the formal analysis of security requirements that is based on planning and uses the concept of suspicion to guide the search for threats and security vulnerabilities in requirements. The approach is tested and illustrated by conducting two experiments: one focussing on a system with a confidentiality security property, and another with an integrity security property enforced through the separation of duty principle. The paper shows that suspicion plays an important role in finding vulnerabilities and security threats in requirements.
  • Keywords
    formal verification; security of data; confidentiality security property; integrity security property; security requirements; security vulnerability; software engineering; suspicion-driven formal analysis; Artificial intelligence; Calculus; Costs; Information analysis; Information security; Programming; Safety; Software engineering; Software systems; System testing; Event-Calculus; Security; confidentiality; formal analysis; planning; requirements; separation of duty;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Emerging Security Information, Systems and Technologies, 2009. SECURWARE '09. Third International Conference on
  • Conference_Location
    Athens, Glyfada
  • Print_ISBN
    978-0-7695-3668-2
  • Type

    conf

  • DOI
    10.1109/SECURWARE.2009.40
  • Filename
    5211002