Sciweavers

SIGSOFT
2005
ACM

Reasoning about confidentiality at requirements engineering time

Growing attention is being paid to application security at requirements engineering time. Confidentiality is a particular subclass of security concerns that requires sensitive information to never be disclosed to unauthorized agents. Disclosure refers to undesired knowledge states of such agents. In previous work we have extended our requirements specification framework with epistemic constructs for capturing what agents may or may not know about the application. Roughly, an agent knows some property if the latter is found in the agent's memory. This paper makes the semantics of such constructs further precise through a formal model of how sensitive information may appear or disappear in an agent's memory. Based on this extended framework, a catalog of specification patterns is proposed to codify families of confidentiality requirements. A proof-of-concept tool is presented for early checking of requirements models against such confidentiality patterns. In case of violation, ...
Renaud De Landtsheer, Axel van Lamsweerde
Added: 20 Nov 2009
Updated: 20 Nov 2009
Type: Conference
Year: 2005
Where: SIGSOFT
Authors: Renaud De Landtsheer, Axel van Lamsweerde