Sound methods and effective tools for model-based security engineering with UML
Proceedings of the 27th international conference on Software engineering
Risky trust: risk-based analysis of software systems
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Security risk mitigation for information systems
BT Technology Journal
Research Directions in Requirements Engineering
FOSE '07 2007 Future of Software Engineering
Engineering Trust Management into Software Models
MISE '07 Proceedings of the International Workshop on Modeling in Software Engineering
Enforcing a security pattern in stakeholder goal models
Proceedings of the 4th ACM workshop on Quality of protection
The socio-economics of software architecture
Automated Software Engineering
Pattern-Based Confidentiality-Preserving Refinement
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Modeling and analysis of security trade-offs - A goal oriented approach
Data & Knowledge Engineering
Towards HIPAA-compliant healthcare systems
Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
Trust: from cognition to conceptual models and design
CAiSE'06 Proceedings of the 18th international conference on Advanced Information Systems Engineering
Trust obstacle mitigation for database systems
BNCOD'06 Proceedings of the 23rd British National Conference on Databases, conference on Flexible and Efficient Information Handling
Hi-index | 0.00 |
Assumptions are frequently made during requirements analysis of a system-to-be about the trustworthiness of its various components (including human components). These trust assumptions can affect the scope of the analysis, derivation of security requirements, and in some cases how functionality is realized. This paper presents trust assumptions in the context of analysis of security requirements. A running example shows how trust assumptions can be used by a requirements engineer to help define and limit the scope of analysis and to document the decisions made during the process. The paper concludes with a case study examining the impact of trust assumptions on software that uses the Secure Electronic Transaction (SET) specification.