|Title||How to Specify Security Services: A Practical Approach|
|Publication Type||Conference Paper|
|Year of Publication||2003|
|Authors||J. Lopez, J. J. Ortega, J. M. Troya, and J. L. Vivas|
|Conference Name||7th IFIP Conference on Multimedia and Communications Security (CMS’03)|
|Conference Location||Torino, Italy|
Security services are essential for ensuring secure communications. Typically no consideration is given to security requirements during the initial stages of system development. Security is only added latter as an afterthought in function of other factors such as the environment into which the system is to be inserted, legal requirements, and other kinds of constraints. In this work we introduce a methodology for the specification of security requirements intended to assist developers in the design, analysis, and implementation phases of protocol development. The methodology consists of an extension of the ITU-T standard requirements language MSC and HMSC, called SRSL, defined as a high level language for the specification of security protocols. In order to illustrate it and evaluate its power, we apply the new methodology to a real world example, the integration of an electronic notary system into a web-based multi-users service platform.
How to Specify Security Services: A Practical Approach