Journal: International journal of secure software engineering

Eliciting Security Requirements for an Information System using Asset Flows and Processor Deployment


Abstract

The authors cannot comprehensively determine all of the vulnerabilities to an attack only from requirements descriptions. To resolve the problem, the authors propose a method for eliciting security requirements using the information about system architecture. The authors convert a use-case description into a variation of a dataflow diagram called an asset-flow diagram (AFD). The authors then refine the AFDs based on a processor deployment diagram (PDD), which gives information about a system architecture. By using vulnerabilities patterns to an attack, the authors distinguish vulnerabilities to the attack that can be identifiable in AFDs from remaining vulnerabilities to the attack. To prohibit the former vulnerabilities, security requirements are defined as countermeasures and/or modification of existing requirements. To prevent the latter vulnerabilities, security requirements are defined as design and implementation constraints. Through an evaluation of a web application, the authors show that our method enables us to elicit security requirements against several different attacks in different system architectures.
