A framework for security requirements engineering
Proceedings of the 2006 international workshop on Software engineering for secure systems
Managing assumptions during agile development
SHARK '09 Proceedings of the 2009 ICSE Workshop on Sharing and Reusing Architectural Knowledge
Sociotechnical trust: an architectural approach
ER'11 Proceedings of the 30th international conference on Conceptual modeling
Designing security requirements models through planning
CAiSE'06 Proceedings of the 18th international conference on Advanced Information Systems Engineering
Trust-based specification of sociotechnical systems
Data & Knowledge Engineering
Hi-index | 0.00 |
Assumptions are frequently made during requirements analysis of a system about the trustworthiness of its various components (including human components). These trust assumptions, whether implicit or explicit, affect the scope of the analysis, derivation of security requirements, and in some cases how functionality is realized. This paper presents trust assumptions in the context of analysis of security requirements. A running example shows how trust assumptions can be used by a requirements engineer to help define and limit the scope of analysis and to document the decisions made during the process. The paper concludes with a case study examining the impact of trust assumptions on software that uses the secure electronic transaction specification.