ABSTRACT

Case Study in Security Requirements Engineering for a High Assurance System

"Requirements specifications for high assurance secure systems are rare in the open literature. This paper presents a case study in the development of a requirements document for a multilevel secure system that must meet stringent assurance and evaluation requirements. The system is secure, yet combines popular commercial components with specialized high assurance ones. Functional and non-functional requirements pertinent to security are discussed. A multi-dimensional threat model is presented. The threat model accounts for the developmental and operational phases of system evolution and for each phase accounts for both physical and non-physical threats. We describe our team-based method for developing a requirements document and relate that process to techniques in requirements engineering. The system requirements document presents a calibration point for future security requirements engineering techniques intended to meet both functional and assurance goals."

Report Number:
1st Symposium on Requirements Engineering for Information Security. Purdue University, Indianapolis, IN. March 5-6, 2001
Author:
Publisher:
Date:
2001-03
Copyright:
Public Domain
Retrieved From:
Defense Technical Information Center (DTIC): http://www.dtic.mil/dtic/
Format:
pdf
Media Type:
application/pdf
URL: