An Approach to Security Requirements Engineering for a High Assurance System

Abstract

Requirements specifications for high assurance secure systems are rare in the open literature. This paper examines the development of a requirements document for a multilevel secure system that must meet stringent assurance and evaluation requirements. The system is designed to be secure yet combines popular commercial components with specialized high assurance ones. Functional and non-functional requirements pertinent to security are discussed. A multi-dimensional threat model is presented. The threat model accounts for the developmental and operational phases of system evolution and for each phase accounts for both physical and non-physical threats.

Document Details

Document Type: Technical Report
Publication Date: Jan 01, 2002
Accession Number: ADA435464

Entities

People

  • Barbara Pereira
  • Cynthia E. Irvine
  • David Shifflett
  • Jeffery D. Wilson
  • Timothy E. Levin

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Application Protocols
  • Application Software
  • Authentication
  • Communication Channels
  • Communications Protocols
  • Computer Network Security
  • Computer Programming
  • Computer Programs
  • Computers
  • Cybersecurity
  • Electronic Mail
  • Engineering
  • Information Systems
  • Local Area Networks
  • Malware
  • Network Science
  • Security

Fields of Study

  • Computer science

Readers

  • Finite Element Method (FEM) for solving Partial Differential Equations (PDEs)
  • Software Engineering
  • Strategic Security Studies