Title :
The hidden meta-requirements of security and privacy
Author_Institution :
CERIAS, Purdue Univ., West Lafayette, IN, USA
Abstract :
When collecting requirements for software, designers may learn of needs for specific forms of protection to be present. These needs may be translated into requirements for encryption or authentication, but what about the non-obvious aspects of security - including privacy, auditability and assurance - that are usually overlooked in the requirements capture process? When we overlook these issues, we get software that doesn´t deserve our trust. In this paper, I discuss some of the aspects of security that are regularly overlooked by designers and suggest some standard questions that should be addressed in every design
Keywords :
auditing; data privacy; security of data; software quality; systems analysis; auditability; authentication; encryption; hidden meta-requirements; privacy; security; software design; software protection; software quality assurance; software requirements capture; software trustworthiness; Authentication; Computer science education; Computer security; Cryptography; Information security; Military computing; Privacy; Protection; Software design; USA Councils;
Conference_Titel :
Requirements Engineering, 2001. Proceedings. Fifth IEEE International Symposium on
Conference_Location :
Toronto, Ont.
Print_ISBN :
0-7695-1125-2
DOI :
10.1109/ISRE.2001.948536
