A Case Study in Security Requirements Engineering for a High Assurance System
Irvine, Cynthia E.
Wilson, Jeffery D.
Requirements specifications for high assurance secure systems are rare in the open literature. This paper presents a case study in the development of a requirements document for a multilevel secure system that must meet stringent assurance and evaluation requirements. The system is secure, yet combines popular commercial components with specialized high assurance ones. Functional and non-functional requirements pertinent to security are discussed. A multi-dimensional threat model is presented. The threat model accounts for the developmental and operational phases of system evolution and for each phase accounts for both physical and non-physical threats. We describe our team-based method for developing a requirements document and relate that process to techniques in requirements engineering. The system requirements document presents a calibration point for future security requirements engineering techniques intended to meet both functional and assurance goals.
Proceedings of the 1st Symposium on Requirements Engineering for Information Security
Showing items related by title, author, creator and subject.
Irvine, Cynthia E.; Levin, Timothy E.; Wilson, J. D.; Shifflett, D.; Pereira, B. (Requirements Engineering Journal, 2002-07-02): Requirements specifications for high assurance secure systems are rare in the open literature. This paper examines the development of a requirements document for a multilevel secure system that must meet stringent assurance ...
Nguyen, Thuy D.; Irvine, Cynthia E. (International Conference on Information Warfare and Security (ICIW 2008), April 2008, Omaha, Nebraska, USA, 2008-04-01): Success in information warfare will depend on resilient, reconstitutable cyber assets and the ability to assess and respond to attacks. A cornerstone of this success will be the ability of Information Assurance professionals ...
Nguyen, Thuy D.; Irvine, Cynthia E.; Levin, Timothy E.; McEvilley, Michael (International Common Criteria Conference (ICCC), Rome, Italy, September 2007, 2007-09-01): The U.S. Government Protection Profile for Separation Kernels in Environments Requiring High Robustness (SKPP) is undergoing evaluation. During its authoring process, new extended functional and assurance requirements were ...