International Journal On Advances in Security, volume 2, number 4, 2009


Analysing security requirements formally and flexibly based on suspicion

Authors:
Nuno Amálio

Keywords: Security, requirements, formal analysis, Event Calculus, planning, confidentiality, separation of duty.

Abstract:
Increasingly, engineers need to approach security and software engineering in a unified way. This paper presents an approach to the formal analysis of security requirements that is based on model-checking and uses the concept of suspicion to guide the search for threats and security vulnerabilities in requirements. It proposes an approach to security analysis that favours exploration of a system's state space based on what is abnormal or suspicious to find threats and vulnerabilities, instead of ironclad security proofs that try to demonstrate that a system is secure; as this paper shows, such security proofs can often be misleading. The approach is tested and illustrated by conducting two experiments: one focussing on a system with a confidentiality security property, and another with an integrity security property enforced through the separation of duty principle. One of the advantages of the approach presented here is that threats are derived directly from a model of requirements and no prior knowledge about possible attacks is necessary to perform the analysis. The paper shows that suspicion is an effective search criterion for finding vulnerabilities and security threats in requirements, and that the feedback generated by the analysis helps in elaborating security requirements.
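The abstract's two central claims, that threats can be derived from a requirements model with no catalogue of known attacks, and that a "proof" over the wrong abstraction can be misleading, are easy to see on a toy. The block below is an added illustration written for this page; it is not the paper's Event Calculus model, nor its suspicion-guided search (it does a plain breadth-first search of the whole state space). The agents, roles, order identifier and three requirements R1 to R3 are invented for the example. A static check of the initial role assignment concludes that nobody holds both clerk and manager, so separation of duty looks guaranteed; exploring the reachable states finds a trace in which the admin grants the manager role to the clerk, who then approves her own order.

```python
"""Constructed example (not the paper's model): explicit-state search over a
tiny requirements model for a separation-of-duty (SoD) violation.

A state is a frozenset of facts such as ("role", "alice", "clerk"),
("created", "po1", "alice") or ("approved", "po1", "bob").
Agents, roles and the purchase order "po1" are invented for this example.
"""
from collections import deque

AGENTS = ("alice", "bob", "carol")
ORDERS = ("po1",)

# Initial role assignment: one clerk, one manager, one admin.
INITIAL = frozenset({
    ("role", "alice", "clerk"),
    ("role", "bob", "manager"),
    ("role", "carol", "admin"),
})


def _facts(state, kind, obj):
    """Agents recorded in facts of the given kind for the given object."""
    return {f[2] for f in state if f[0] == kind and f[1] == obj}


def enabled_actions(state):
    """Yield (label, successor_state) for every action the requirements permit."""
    for a in AGENTS:
        for o in ORDERS:
            created = _facts(state, "created", o)
            approved = _facts(state, "approved", o)
            # R1: a clerk may create an order that does not exist yet.
            if ("role", a, "clerk") in state and not created:
                yield f"{a} creates {o}", state | {("created", o, a)}
            # R2: a manager may approve a created, not yet approved order.
            if ("role", a, "manager") in state and created and not approved:
                yield f"{a} approves {o}", state | {("approved", o, a)}
        # R3: an admin may grant the manager role to anyone. The requirement
        # places no restriction on the grantee, which is the weakness found.
        if ("role", a, "admin") in state:
            for b in AGENTS:
                if ("role", b, "manager") not in state:
                    yield f"{a} grants manager to {b}", state | {("role", b, "manager")}


def sod_violated(state):
    """Integrity property: no agent approves an order that they created."""
    return any(_facts(state, "created", o) & _facts(state, "approved", o)
               for o in ORDERS)


def static_sod_check(state):
    """The misleading 'proof': inspect only the role assignment in one state.

    Returns True when no agent holds both clerk and manager. It ignores that
    roles change at run time, so it says nothing about reachable states.
    """
    roles = {}
    for kind, agent, role in (f for f in state if f[0] == "role"):
        roles.setdefault(agent, set()).add(role)
    return all(not {"clerk", "manager"} <= held for held in roles.values())


def find_violation(initial=INITIAL, max_depth=8):
    """Breadth-first search from `initial`; returns the shortest action trace
    that reaches a SoD-violating state, or None if none exists within depth."""
    seen = {initial}
    queue = deque([(initial, [])])
    while queue:
        state, trace = queue.popleft()
        if sod_violated(state):
            return trace
        if len(trace) >= max_depth:
            continue
        for label, nxt in enabled_actions(state):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [label]))
    return None


if __name__ == "__main__":
    print("static check says secure:", static_sod_check(INITIAL))
    print("counterexample trace:", find_violation())
```

The search needs no attack pattern as input: the only inputs are the requirements (R1 to R3) and the property, and the counterexample trace is the "threat". Fixing the requirement (for instance, forbidding R3 from granting manager to an agent who has created an unapproved order) and re-running the search is the feedback loop the abstract describes.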

Pages: 344 to 357

Copyright: Copyright (c) to authors, 2009. Used with permission.

Publication date: March 17, 2010

Published in: journal

ISSN: 1942-2636