The use of system security description method in security design assement: A case study

In this paper, we demonstrate through a case study the effectiveness of a description method that we developed as a system analysis tool to describe the structure of the security of systems. We apply the description method in design assessment of a digital right management system which has to meet complex security requirements. This method, based on the assumption of the use of standard encryption technologies and existing cryptographic protocols, reveals hidden security threats and vulnerabilities of systems. It extracts only security elements that constitute the trust relationship of system components, describing the relation between the elements, and analyzing the relation. This method provides a valuable assistance tool for frontline engineers in system development fields to build secure systems, and an efficient communication paradigm between stakeholders of a system to help them in understanding the security of the system and confirming that their security requirements are fulfilled.