Securing the Skies: In Requirements We Trust
September 2009 (vol. 42 no. 9)
pp. 64-72
Bashar Nuseibeh, The Open University
Charles B. Haley, The Open University
The authors describe their experiences applying a security requirements analysis to an air traffic control project using a framework that offers different forms of structured argumentation. In deploying the framework, they also learned several lessons about security requirements.

Index Terms:
Security requirements engineering, Security requirements analysis
Citation:
Bashar Nuseibeh, Charles B. Haley, Craig Foster, "Securing the Skies: In Requirements We Trust," Computer, vol. 42, no. 9, pp. 64-72, Sept. 2009, doi:10.1109/MC.2009.299