Picking Battles: The Impact of Trust Assumptions on the Elaboration of Security Requirements

  • Conference paper
Trust Management (iTrust 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2995)

Abstract

This position paper describes work on trust assumptions in the context of security requirements. We show how trust assumptions can affect the scope of the analysis, derivation of security requirements, and in some cases how functionality is realized. An example shows how trust assumptions are used by a requirements engineer to help define and limit the scope of analysis and to document the decisions made during the process.

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Haley, C.B., Laney, R.C., Moffett, J.D., Nuseibeh, B. (2004). Picking Battles: The Impact of Trust Assumptions on the Elaboration of Security Requirements. In: Jensen, C., Poslad, S., Dimitrakos, T. (eds) Trust Management. iTrust 2004. Lecture Notes in Computer Science, vol 2995. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24747-0_27

  • DOI: https://doi.org/10.1007/978-3-540-24747-0_27

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-21312-3

  • Online ISBN: 978-3-540-24747-0

  • eBook Packages: Springer Book Archive
