Security requirements engineering: when anti-requirements hit the fan

Everyone, from Microsoft to the banks that have been recent victims of rogue traders, agrees that security is a problem. Paradoxically, neither academics nor industry seem wholeheartedly committed to treating this topic systematically at the top level of requirements engineering. Our vision is of a future in which organisational theory informs the security requirements engineering process. This would act as the bridge between the well-ordered world of the software project informed by conventional requirements and the unexpected world of anti-requirements associated with the malicious user. We frame a vision for the requirements engineering community that would involve the community solving six difficult problems.
