Security requirements for tolerating security failures

Abstract

This paper describes security failure-Tolerant requirements, which tolerate the failures of security services that protect applications from security attacks. A security service, such as authentication, confidentiality or integrity security service, can be always broken down as advanced attack skills are coined. There is no security service that is forever secure. This paper describes an approach to developing the security failure-Tolerant use case that specifies the security requirements for tolerating the breaches of security services. A security failure-Tolerant use case is modeled along with application use case and security use case, and specified with application use case description. Threats to applications are identified and modeled to develop security failure-Tolerant requirements. Online shopping system is used for illustrating security failure-Tolerant requirements.