Identification of security requirements in systems of systems by functional security analysis

Authors:
Andreas Fuchs;Roland Rieke
Affiliations:
Fraunhofer Institute for Secure Information Technology, Darmstadt, Germany;Fraunhofer Institute for Secure Information Technology, Darmstadt, Germany
Venue:
Architecting dependable systems VII
Year:
2010

Citing 14
Cited 1

Automata, Languages, and Machines

Automata, Languages, and Machines
Authenticity and Provability - A Formal Framework

InfraSec '02 Proceedings of the International Conference on Infrastructure Security
Elaborating Security Requirements by Construction of Intentional Anti-Models

Proceedings of the 26th International Conference on Software Engineering
Basic Concepts and Taxonomy of Dependable and Secure Computing

IEEE Transactions on Dependable and Secure Computing
Property-based attestation for computing platforms: caring about properties, not mechanisms

NSPW '04 Proceedings of the 2004 workshop on New security paradigms
Security Requirements Engineering for Software Systems: Case Studies in Support of Software Engineering Education

CSEET '06 Proceedings of the 19th Conference on Software Engineering Education & Training
A common criteria based security requirements engineering process for the development of secure information systems

Computer Standards & Interfaces
A Pattern System for Security Requirements Engineering

ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
Design and implementation of a TCG-based integrity measurement architecture

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
A Security Engineering Process based on Patterns

DEXA '07 Proceedings of the 18th International Conference on Database and Expert Systems Applications
Security Requirements Engineering: A Framework for Representation and Analysis

IEEE Transactions on Software Engineering
Analysis and Component-based Realization of Security Requirements

ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
Privacy Requirements in Vehicular Communication Systems

CSE '09 Proceedings of the 2009 International Conference on Computational Science and Engineering - Volume 03
Identification of security requirements in systems of systems by functional security analysis

Architecting dependable systems VII

Identification of security requirements in systems of systems by functional security analysis

Architecting dependable systems VII

Quantified Score

Hi-index	0.00

Visualization

Abstract

Cooperating systems typically base decisions on information from their own components as well as on input from other systems. Safety critical decisions based on cooperative reasoning however raise severe concerns to security issues. Here, we address the security requirements elicitation step in the security engineering process for such systems of systems. The method comprises the tracing down of functional dependencies over system component boundaries right onto the origin of information as a functional flow graph. Based on this graph, we systematically deduce comprehensive sets of formally defined authenticity requirements for the given security and dependability objectives. The proposed method thereby avoids premature assumptions on the security architecture's structure as well as the means by which it is realised. Furthermore, a tool-assisted approach that follows the presented methodology is described.