Analysing Security Requirements Formally and Flexibly Based on Suspicion

Date Added: Jun 2010
Format: PDF

Increasingly, engineers need to approach security and software engineering in a unified way. This paper presents an approach to the formal analysis of security requirements that is based on model-checking and uses the concept of suspicion to guide the search for threats and security vulnerabilities in requirements. It proposes an approach to security analysis that favours exploration of a system's state space based on what is abnormal or suspicious to find threats and vulnerabilities, instead of ironclad security proofs that try to demonstrate that a system is secure; as this paper shows, such security proofs can often be misleading.