Towards Usable Cyber Security Requirements

摘要

Security has become a primary and prevalent concern for software systems, The past decade has witnessed a tremendous increase in not only the sheer number of attacks but also the ease with which attacks can be performed on systems. In this paper we exemplify the usage of a novel technique for developing security requirements, by demonstrating each step in the technique when applied to an example usage scenario. Furthermore, this new technique also provides support for deriving testing artifacts from the specified security requirements. We believe that in order to protect a system against harm (intended or not), attention must be given to its requirements. Similar to other system properties and quality attributes, security must be considered at the requirements.