D. Drusinsky, J. Michael, Thomas W. Otani, M. Shing, D. Wijesekera
{"title":"Computer-assisted validation and verification of cybersecurity requirements","authors":"D. Drusinsky, J. Michael, Thomas W. Otani, M. Shing, D. Wijesekera","doi":"10.1109/THS.2010.5655087","DOIUrl":null,"url":null,"abstract":"Errors in requirements are often a contributing cause of the failure of critical infrastructure and their underlying information systems to adequately guard against cyber intrusions and withstand cyber attacks. However, detecting errors in the cybersecurity requirements, and for requirements in general, is a challenging task. In this paper we describe how computer-aided formal verification and validation can be leveraged to address the challenge of correctly capturing natural language cybersecurity requirements, converting the natural language statements into formal requirements specifications, and then checking the formal specifications to ensure that they match the original intent of the stakeholders. Our approach centers on creating a one-to-one mapping between natural language requirements and UML statechart assertions. Statechart assertions are Boolean statements about the expected behavior of the system, expressed as UML statecharts. The set of assertions created by the security or software engineer is a formal model of the system's requirements. We demonstrate our approach using examples of formally specifying and validating requirements for correct cyber system behaviors and the detection of illegal business schemes in choreographed web services.","PeriodicalId":106557,"journal":{"name":"2010 IEEE International Conference on Technologies for Homeland Security (HST)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 IEEE International Conference on Technologies for Homeland Security (HST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/THS.2010.5655087","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
Errors in requirements are often a contributing cause of the failure of critical infrastructure and their underlying information systems to adequately guard against cyber intrusions and withstand cyber attacks. However, detecting errors in the cybersecurity requirements, and for requirements in general, is a challenging task. In this paper we describe how computer-aided formal verification and validation can be leveraged to address the challenge of correctly capturing natural language cybersecurity requirements, converting the natural language statements into formal requirements specifications, and then checking the formal specifications to ensure that they match the original intent of the stakeholders. Our approach centers on creating a one-to-one mapping between natural language requirements and UML statechart assertions. Statechart assertions are Boolean statements about the expected behavior of the system, expressed as UML statecharts. The set of assertions created by the security or software engineer is a formal model of the system's requirements. We demonstrate our approach using examples of formally specifying and validating requirements for correct cyber system behaviors and the detection of illegal business schemes in choreographed web services.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
