A formal security requirements model for a grid-based operating system

Authors:
Benjamin Aziz;Alvaro Arenas;Juan Bicarregui;Brian Matthews;Erica Yang
Affiliations:
STFC e-Science Centre, Rutherford Appleton Laboratory, Didcot, UK;STFC e-Science Centre, Rutherford Appleton Laboratory, Didcot, UK;STFC e-Science Centre, Rutherford Appleton Laboratory, Didcot, UK;STFC e-Science Centre, Rutherford Appleton Laboratory, Didcot, UK;STFC e-Science Centre, Rutherford Appleton Laboratory, Didcot, UK
Venue:
FACS-FMI'07 Proceedings of the 2007th internatioanal conference on Formal Methods in Industry
Year:
2007

Citing 4
Cited 0

Formal refinement patterns for goal-driven requirements elaboration

SIGSOFT '96 Proceedings of the 4th ACM SIGSOFT symposium on Foundations of software engineering
Requirements engineering in the year 00: a research perspective

Proceedings of the 22nd international conference on Software engineering
Handling Obstacles in Goal-Oriented Requirements Engineering

IEEE Transactions on Software Engineering - special section on current trends in exception handling—part II
Elaborating Security Requirements by Construction of Intentional Anti-Models

Proceedings of the 26th International Conference on Software Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we discuss the use of formal requirements engineering techniques in capturing security requirements for a Grid-based operating system. Our approach is based on the KAOS methodology in which system goals can be refined to sets of requirements that can be satisfied by agents performing specific operations on system objects. We focus on the example of one security goal of interest to Grid-based systems, namely the authorisation to access data, and show how this goal can be refined into system requirements. Then we develop a model of anti-goals, and show how the model captures vulnerabilities that undermine the main security goal.