Specification and formal verification of security requirements

TitleSpecification and formal verification of security requirements
Publication TypeConference Paper
Year of Publication2004
AuthorsI. Agudo, and J. Lopez
Conference Name5th international conference on Computer systems and technologies (CompSysTech ’04)
Pagination1-6
PublisherACM
Conference LocationRousse, Bulgaria
ISBN Number954-9641-38-4
Abstract

With the grown of internet and distributed applications, security requirements are going inherent to the software development process. Each time one communicates with some other one there are relevant security risk that must be taken in account. This is what is happening in the new soft-ware applications using client/server architecture. We propose including security requirements at the top level of development process, together with functional requirements because they are much related. With this information we are able to extract all communication protocols that are involved in our application and their associated security goals. This is the input to a verification phase in which we look for security flaws. The last step, and the more useful (and the not yet finished) is to use this information to modify our initial specification at the top level of the development process

DOI10.1145/1050330.1050440
Citation KeyAgudo2004