Picking Battles The Impact of Trust Assumptions on the Elaboration of Security Requirements.pdfVIP

Picking Battles: the Impact of Trust Assumptions on the Elaboration of Security Requirements 1 1 2 1 Charles B. Haley , Robin C. Laney , Jonathan D. Moffett , Bashar Nuseibeh 1 Department of Computing, The Open University, Walton Hall, Milton Keynes, MK7 6AA, UK {C.B.Haley, R.C.Laney, B.A.Nuseibeh} [at] open.ac.uk 2 Department of Computer Science, University of York Heslington, York, YO10 5DD, UK jdm [at] cs.york.ac.uk Abstract. This position paper describes work on trust assumptions in the con- text of security requirements. We show how trust assumptions can affect the scope of the analysis, derivation of security requirements, and in some cases how functionality is realized. An example shows how trust assumptions are used by a requirements engineer to help define and limit the scope of analysis and to document the decisions made during the process. 1 Introduction Requirements engineering is about determining the characteristics of a system-to-be, and how well these characteristics fit with the desires of the stakeholders. A system- to-be includes all the diverse components needed to achieve its purpose, such as the computers, the people who will use, maintain, and depend on the system and the environment the system exists within. Stakeholders are those entities (e.g. people, companies) that have some reason to care about the system’s characteristics. A de- scription of these characteristics is the system’s requirements. Security requirements are an important component of a syst