A Case Study in Security Requirements Engineering for a High Assurance System

Abstract

Requirements specifications for high assurance secure systems are rare in the open literature. This paper presents a case study in the development of a requirements document for a multilevel secure system that must meet stringent assurance and evaluation requirements. The system is secure, yet combines popular commercial components with specialized high assurance ones. Functional and non-functional requirements pertinent to security are discussed. A multi-dimensional threat model is presented. The threat model accounts for the developmental and operational phases of system evolution and for each phase accounts for both physical and non-physical threats. We describe our team-based method for developing a requirements document and relate that process to techniques in requirements engineering. The system requirements document presents a calibration point for future security requirements engineering techniques intended to meet both functional and assurance goals.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2001
Accession Number
ADA484597

Entities

People

  • Barbara Pereira
  • Cynthia E. Irvine
  • David Shifflett
  • Jeffery D. Wilson
  • Timothy E. Levin

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Abstracts
  • Case Studies
  • Computer Programs
  • Computers
  • Engineering
  • Information Operations
  • Information Security
  • Instructions
  • Security
  • Specifications
  • Standards
  • Universities

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Software Engineering.
  • Systems Analysis and Design