Article
DOI: 10.1145/1081706.1081715

Reasoning about confidentiality at requirements engineering time

Published: 05 September 2005

Abstract

Growing attention is being paid to application security at requirements engineering time. Confidentiality is a particular subclass of security concerns that requires sensitive information to never be disclosed to unauthorized agents. Disclosure refers to undesired knowledge states of such agents. In previous work we have extended our requirements specification framework with epistemic constructs for capturing what agents may or may not know about the application. Roughly, an agent knows some property if the latter is found in the agent's memory. This paper makes the semantics of such constructs more precise through a formal model of how sensitive information may appear or disappear in an agent's memory. Based on this extended framework, a catalog of specification patterns is proposed to codify families of confidentiality requirements. A proof-of-concept tool is presented for early checking of requirements models against such confidentiality patterns. In case of violation, the counterexample scenarios generated by the tool show how an unauthorized agent may acquire confidential knowledge. Counter-measures should then be devised to produce further confidentiality requirements.
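To make the mechanics described in the abstract concrete, here is a small added example in Python. It is not the paper's tool and does not use its requirements formalism: it encodes an agent's knowledge as the set of facts held in that agent's memory, lets operations make facts appear in or disappear from memories, states a confidentiality requirement in a "never knows" pattern, and runs a bounded breadth-first search that returns a counterexample scenario when the requirement can be violated. The clinic domain (Physician, Patient, Receptionist, Insurer), the facts Diagnosis and BillingCode, the operation names and the bound of four steps are all constructed for illustration. The example also goes one step beyond the abstract by showing the iteration it calls for: the first model yields a leak scenario, a counter-measure (the front desk only ever holds a billing code) is encoded as a second model, and the check is re-run.

```python
from collections import deque
from typing import Callable, FrozenSet, List, Optional, Tuple

# Knowledge state: the set of (agent, fact) pairs currently in some agent's memory.
# An agent knows a fact iff the pair is in the set.
Knowledge = FrozenSet[Tuple[str, str]]

# An operation is (name, requires, adds, removes):
#   requires - (agent, fact) pairs that must already be known for the operation to fire
#   adds     - pairs that appear in a memory afterwards (information flows to that agent)
#   removes  - pairs that disappear from a memory afterwards (the agent forgets or deletes)
Operation = Tuple[str, List[Tuple[str, str]], List[Tuple[str, str]], List[Tuple[str, str]]]

DIAG = "Diagnosis"     # constructed sensitive fact
CODE = "BillingCode"   # constructed non-sensitive derivative of it


def knows(state: Knowledge, agent: str, fact: str) -> bool:
    return (agent, fact) in state


def apply_op(state: Knowledge, op: Operation) -> Optional[Knowledge]:
    """Return the successor state, or None if the operation's preconditions fail."""
    _name, requires, adds, removes = op
    if not all(k in state for k in requires):
        return None
    return frozenset((state - frozenset(removes)) | frozenset(adds))


def never_knows(agent: str, fact: str) -> Callable[[Knowledge], bool]:
    """Confidentiality pattern: `agent` must never hold `fact` in memory."""
    return lambda state: not knows(state, agent, fact)


def bounded_check(initial: Knowledge, ops: List[Operation],
                  requirement: Callable[[Knowledge], bool], bound: int) -> Optional[List[str]]:
    """Explore every operation sequence of length <= bound, breadth-first.
    Returns None if the requirement holds in all states reached within the bound,
    otherwise the shortest counterexample scenario as a list of operation names."""
    queue = deque([(initial, [])])
    seen = {initial}
    while queue:
        state, trace = queue.popleft()
        if not requirement(state):
            return trace
        if len(trace) == bound:
            continue
        for op in ops:
            nxt = apply_op(state, op)
            if nxt is not None and nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [op[0]]))
    return None


# Constructed clinic model. Initially only the physician knows the diagnosis.
INITIAL: Knowledge = frozenset({("Physician", DIAG)})

# Model 1: the front desk receives the full record and forwards it for billing.
CLINIC_V1: List[Operation] = [
    ("Physician tells Patient",          [("Physician", DIAG)],    [("Patient", DIAG)],      []),
    ("Physician files record at desk",   [("Physician", DIAG)],    [("Receptionist", DIAG)], []),
    ("Receptionist forwards to Insurer", [("Receptionist", DIAG)], [("Insurer", DIAG)],      []),
    ("Receptionist shreds record",       [("Receptionist", DIAG)], [],  [("Receptionist", DIAG)]),
]

# Model 2 (counter-measure derived from the scenario found against model 1):
# the desk only ever holds a billing code, so nothing it forwards carries the diagnosis.
CLINIC_V2: List[Operation] = [
    ("Physician tells Patient",          [("Physician", DIAG)],    [("Patient", DIAG)],      []),
    ("Physician files billing code",     [("Physician", DIAG)],    [("Receptionist", CODE)], []),
    ("Receptionist forwards to Insurer", [("Receptionist", CODE)], [("Insurer", CODE)],      []),
]

# The confidentiality requirement: the insurer is an unauthorized agent for the diagnosis.
REQUIREMENT = never_knows("Insurer", DIAG)


def check_v1() -> Optional[List[str]]:
    return bounded_check(INITIAL, CLINIC_V1, REQUIREMENT, bound=4)


def check_v2() -> Optional[List[str]]:
    return bounded_check(INITIAL, CLINIC_V2, REQUIREMENT, bound=4)


if __name__ == "__main__":
    print("model 1:", check_v1())   # the leak scenario the check generates
    print("model 2:", check_v2())   # None: no violation within the bound
```

A None result only means no violation was found within the bound; it does not prove the requirement for longer scenarios, so the bound should be raised until it covers the longest operation sequence the requirements model allows. The toy also omits what a real checker for this problem has to handle, such as quantification over agents and temporal patterns beyond "never".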


Published In

ESEC/FSE-13: Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
September 2005
402 pages
ISBN:1595930140
DOI:10.1145/1081706
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher: Association for Computing Machinery, New York, NY, United States

Author Tags

  1. bounded model checking
  2. reasoning about confidentiality
  3. security requirements
  4. specification patterns

Conference: ESEC/FSE05

Acceptance Rates

Overall Acceptance Rate 112 of 543 submissions, 21%

Article Metrics

  • Downloads (Last 12 months)3
  • Downloads (Last 6 weeks)0
Reflects downloads up to 03 Mar 2025

Cited By

  • (2024) Sustainable Adaptive Security. Proceedings of the 2024 IEEE/ACM 46th International Conference on Software Engineering: Companion Proceedings, pp. 228-230. DOI: 10.1145/3639478.3639790. Online publication date: 14-Apr-2024
  • (2023) Security requirements specification by formal methods: a research metadata analysis. Multimedia Tools and Applications 83(14), pp. 41847-41866. DOI: 10.1007/s11042-023-17218-4. Online publication date: 13-Oct-2023
  • (2021) A Sustainability Requirements Catalog for the Social and Technical Dimensions. Conceptual Modeling, pp. 381-394. DOI: 10.1007/978-3-030-89022-3_30. Online publication date: 16-Oct-2021
  • (2021) A review on security requirements specification by formal methods. Concurrency and Computation: Practice and Experience 34(5). DOI: 10.1002/cpe.6702. Online publication date: 17-Nov-2021
  • (2020) A Maturity Model for Secure Requirements Engineering. Computers & Security, article 101852. DOI: 10.1016/j.cose.2020.101852. Online publication date: May-2020
  • (2018) A Systematic Mapping Study on Security Requirements Engineering Frameworks for Cyber-Physical Systems. Security, Privacy, and Anonymity in Computation, Communication, and Storage, pp. 428-442. DOI: 10.1007/978-3-030-05345-1_37. Online publication date: 7-Dec-2018
  • (2014) Analysing Requirements to Detect Latent Security Vulnerabilities. Proceedings of the 2014 IEEE Eighth International Conference on Software Security and Reliability-Companion, pp. 168-175. DOI: 10.1109/SERE-C.2014.35. Online publication date: 30-Jun-2014
  • (2013) Engineering adaptive privacy: on the role of privacy awareness requirements. Proceedings of the 2013 International Conference on Software Engineering, pp. 632-641. DOI: 10.5555/2486788.2486872. Online publication date: 18-May-2013
  • (2013) Engineering adaptive privacy: On the role of privacy awareness requirements. 2013 35th International Conference on Software Engineering (ICSE), pp. 632-641. DOI: 10.1109/ICSE.2013.6606609. Online publication date: May-2013
  • (2013) Managing Security Requirements Conflicts in Socio-Technical Systems. Proceedings of the 32nd International Conference on Conceptual Modeling - Volume 8217, pp. 270-283. DOI: 10.1007/978-3-642-41924-9_23. Online publication date: 11-Nov-2013