Thursday, May 29, 2008

Developing Software Security Requirements

Software Security Requirements Engineering

Users may not be totally aware of the security risks, risks to the mission, and vulnerabilities associated with their system.

Commonly used techniques for capturing security requirements can be broadly categorized as top-down or bottom-up analyses of the possible security failures that could put the organization at risk.

1. Fault Tree Analysis, applied to security, is a top-down approach to identifying vulnerabilities. In a fault tree the attacker’s goal is placed at the top of the tree. The analyst then documents the possible alternatives for achieving that attacker goal. For each alternative, the analyst may recursively add precursor alternatives for achieving the subgoals that compose the main attacker goal. This process is repeated for each attacker goal. By examining the lowest-level nodes of the resulting attack tree, the analyst can identify all possible techniques for violating the system’s security; preventions for these techniques can then be specified as security requirements for the system.

2. Failure Modes and Effects Analysis (FMEA) is a bottom-up approach for analyzing possible security failures. The consequences of a simultaneous failure of all existing or planned security protection mechanisms are documented, and the impact of each failure on the system’s mission and stakeholders is traced.

Other techniques for developing system security requirements include threat modeling and misuse and abuse cases.
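As an added example (not part of the original post), the following Python models the attack tree described in item 1 and mechanically performs its last step: walking to the lowest-level nodes, listing the distinct attack scenarios, and collecting the preventive requirement attached to each leaf technique. The tree contents, the REQ identifiers and the AND/OR gate convention are constructed for illustration.

```python
from dataclasses import dataclass, field
from itertools import product
from typing import List

@dataclass
class Node:
    """Attack-tree node: a goal reached by ANY child (OR gate) or by ALL children
    together (AND gate); a leaf is a concrete technique plus the requirement that prevents it."""
    goal: str
    gate: str = "OR"
    children: List["Node"] = field(default_factory=list)
    requirement: str = ""

def attack_scenarios(node: Node) -> List[List[str]]:
    """Every distinct way to reach node.goal, each as the list of leaf techniques needed."""
    if not node.children:
        return [[node.goal]]
    per_child = [attack_scenarios(c) for c in node.children]
    if node.gate == "OR":
        return [s for scenarios in per_child for s in scenarios]
    # AND: one scenario from each child must be carried out together
    return [sum(combo, []) for combo in product(*per_child)]

def derive_requirements(node: Node) -> List[str]:
    """Collect the preventive requirements of the lowest-level nodes, in tree order."""
    if not node.children:
        return [node.requirement] if node.requirement else []
    reqs: List[str] = []
    for child in node.children:
        for r in derive_requirements(child):
            if r not in reqs:  # the same requirement may prevent several leaves
                reqs.append(r)
    return reqs

# Constructed illustrative tree for a web shop; goals and requirements are hypothetical.
TREE = Node("Read another customer's order history", "OR", [
    Node("Act as a legitimate customer", "OR", [
        Node("Reuse a password leaked from another site",
             requirement="REQ-1: require a second authentication factor at login"),
        Node("Capture the session cookie on the network",
             requirement="REQ-2: serve all pages over TLS; mark cookies Secure and HttpOnly"),
    ]),
    Node("Request someone else's order while logged in as oneself", "AND", [
        Node("Guess a valid order identifier",
             requirement="REQ-3: use unpredictable order identifiers"),
        Node("Server returns the order without checking its owner",
             requirement="REQ-4: authorize every order lookup against the session's customer"),
    ]),
])

if __name__ == "__main__":
    print(*derive_requirements(TREE), sep="\n")
```

The OR branches yield one scenario per leaf, while the AND branch yields a single scenario that needs both leaves; the requirements list is what the analyst carries into the requirements document.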