Requirements Engineering of an Access Protection

Access protection is an important requirement for systems, which handle confidential data. This paper describes an approach for the requirements engineering of an access protection using the example of an open system. A major problem of open systems is that many users with different roles access it. Moreover, the open system is connected to the Internet and has ports for connecting hardware like an external storage medium. Therefore, it is easy to steal or misuse confidential data from open systems if access protection is not existent. First, we used Task and Object-Oriented Requirements Engineering (TORE) in order to specify functional requirements on the access protection. For the elicitation of non-functional requirements, we applied Misuse-Oriented Quality Requirements Engineering (MOQARE), on which this paper is focused. Furthermore, we used the German IT-Safety and Security Standard Handbook in order to ensure the completeness of the solution requirements. For consideration of architectural requirements, we used Integrated Conflict Resolution and Architectural Design (ICRAD). It allows to analyze which design can realize which requirements and therefore to identify the most suitable one. Combining these three requirements engineering methods ensured a complete and appropriate solution.