University of Luxembourg

2009-06-17

Suspicion-driven formal analysis of security requirements

by: Nuno Amalio

Abstract: Increasingly, engineers need to approach security and software engineering in a unified way. This talk presents an approach to the formal analysis of security requirements that is based on planning and uses the concept of suspicion to guide the search for threats and security vulnerabilities in requirements. The approach is tested and illustrated by conducting two experiments: one focussing on a system with a confidentiality security property, and another with an integrity security property enforced through the separation of duty principle. The talk shows that suspicion-driven analysis plays an important rôle in exposing vulnerabilities and security threats in requirements.
