{"title":"Engineering secure software by modelling privacy and security requirements","authors":"M. N. Kreeger, I. Duncan","doi":"10.1109/CCST.2005.1594820","DOIUrl":null,"url":null,"abstract":"Requirements are individual statements, usually expressed in a form of natural language, specifying the behaviour and constraints of a proposed system. Due to the intrinsic value of correct requirements, it is therefore essential for the process to be implemented correctly and that the requirements themselves reflect the true needs of the proposed system. The majority of developed systems introduce the concerns of privacy and security, however, traditional requirements engineering techniques have not addressed these issues appropriately. Further, the concepts of privacy, security, and the interrelated concept of trust, have not been accurately defined in terms of requirements engineering. Natural language is shown to be the most prevalent form of knowledge used to represent requirements, however, natural language introduces a number of inherent problems which can lead to ambiguity and specifications open to interpretation. When reasoning with privacy and security concerns the resulting specification should be both clear and concise in the stipulation of requirements. Therefore, before attempting to model privacy and security at the requirements engineering level, it is essential to have an understanding and appreciation of the issues involved. Consideration is given to the various concerns that would effect methodology development and once assessed a possible approach to modelling privacy and security requirements is highlighted.","PeriodicalId":411051,"journal":{"name":"Proceedings 39th Annual 2005 International Carnahan Conference on Security Technology","volume":"62 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 39th Annual 2005 International Carnahan Conference on Security Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCST.2005.1594820","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3
Abstract
Requirements are individual statements, usually expressed in a form of natural language, specifying the behaviour and constraints of a proposed system. Due to the intrinsic value of correct requirements, it is therefore essential for the process to be implemented correctly and that the requirements themselves reflect the true needs of the proposed system. The majority of developed systems introduce the concerns of privacy and security, however, traditional requirements engineering techniques have not addressed these issues appropriately. Further, the concepts of privacy, security, and the interrelated concept of trust, have not been accurately defined in terms of requirements engineering. Natural language is shown to be the most prevalent form of knowledge used to represent requirements, however, natural language introduces a number of inherent problems which can lead to ambiguity and specifications open to interpretation. When reasoning with privacy and security concerns the resulting specification should be both clear and concise in the stipulation of requirements. Therefore, before attempting to model privacy and security at the requirements engineering level, it is essential to have an understanding and appreciation of the issues involved. Consideration is given to the various concerns that would effect methodology development and once assessed a possible approach to modelling privacy and security requirements is highlighted.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
