[Context and motivation] Security mechanisms, such as firewalls and encryption, operationalize security requirements, such as confidentiality and integrity. [Question/problem] Although previous work has pointed out that the application of a security mechanism affects system specifications, there is no systematic approach to describe and analyze this impact. [Principal ideas/results] In this paper, we investigate more than 40 security mechanisms that are well documented in security pattern repositories in order to better understand what they are and how they function. [Contribution] Based on this study, we propose a conceptual model for security mechanisms, and evaluate this model against 20 security mechanisms. Using the conceptual model, we provide a systematic process for analyzing and enforcing security mechanisms on system requirements. We also develop a prototype tool to facilitate the application and evaluation of our approach.
CITATION STYLE
Li, T., Horkoff, J., & Mylopoulos, J. (2015). Analyzing and enforcing security mechanisms on requirements specifications. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9013, pp. 115–131). Springer Verlag. https://doi.org/10.1007/978-3-319-16101-3_8
Mendeley helps you to discover research relevant for your work.