7th Annual IEEE Information Assurance Workshop

 21-23 June 2006

 "The West Point Workshop"

 United States Military Academy, West Point, New York

Chair:  LTC Ronald Dodge, Ronald.Dodge@usma.edu

http://www.itoc.usma.edu/workshop/2006

   


The Usage-Centric Security Requirements Engineering (USeR) Method

Niklas Hallberg and Jonas Hallberg

The 7th IEEE Information Assurance Workshop (IAWorkshop 2006)
West Point, New York, USA, June 21-23, 2006


Abstract

This paper presents an approach for extracting security requirements from early design specifications. An increasing part of the communication and sharing of information in our society utilizes electronic media. Many organizations, especially distributed and Net-centric ones, are entirely dependent on well-functioning information systems. Thus, IT security is becoming central to the ability to fulfill business goals, build trustworthy systems, and protect assets. In order to develop systems with adequate security features, it is essential to capture the corresponding security needs and requirements. The main objective of this paper is to present and illustrate the use of a method for extracting security needs from textual descriptions of general requirements of information systems and transforming these needs into security requirements and security techniques. Further, the consequences of selected security techniques are described as design implications. The method utilizes quality tools, such as the Voice of the Customer table and Affinity and Hierarchy diagrams. To illustrate the method, called the Usage-Centric Security Requirements Engineering (USeR) method, it is applied in a case study. The USeR method supports revealing security needs from the usage of information systems and transforming those needs into security techniques. Though the method needs to be used with complementary approaches, e.g. misuse cases to detect security requirements originating from the functional requirements, it provides a coherent process and holistic view that can, already in the early stages, guide development toward information systems that are more resistant to security threats.


  

 

   
         
The IEEE Information Assurance Workshop is sponsored by the IEEE Systems Man and Cybernetics Society, supported by the National Security Agency, and hosted by the Information Technology Operations Center, Department of Electrical Engineering and Computer Science, at the United States Military Academy, West Point, New York.