Analyzing and Specifying Reusable Security Requirements
Abstract
A system cannot have high assurance if it has poor security, and thus, requirements for high assurance systems will logically include security requirements as well as availability, reliability, and robustness requirements. Unlike typical functional requirements, security requirements can potentially be highly reusable, especially if specified as instances of reusable templates. This paper discusses the value of reusable parameterized templates for specifying security requirements, provides an example of such a template and its associated usage, and outlines an asset-based analysis approach for determining the appropriate actual parameters to use when reusing parameterized templates to specify security requirements.
Document Details
- Document Type
- Technical Report
- Publication Date
- Sep 01, 2003
- Accession Number
- ADA612733
Entities
People
- Donald Firesmith
Organizations
- Carnegie Mellon University