How to Specify Security Services: A Practical Approach

TitleHow to Specify Security Services: A Practical Approach
Publication TypeConference Paper
Year of Publication2003
AuthorsJ. Lopez, J. J. Ortega, J. M. Troya, and J. L. Vivas
Conference Name7th IFIP Conference on Multimedia and Communications Security (CMS’03)
Series TitleLNCS
Volume2828
Pagination158-171
Date PublishedOctober
PublisherSpringer-Verlag
Conference LocationTorino, Italy
ISBN Number3-540-20185-8
Abstract

Security services are essential for ensuring secure communications. Typically no consideration is given to security requirements during the initial stages of system development. Security is only added latter as an afterthought in function of other factors such as the environment into which the system is to be inserted, legal requirements, and other kinds of constraints. In this work we introduce a methodology for the specification of security requirements intended to assist developers in the design, analysis, and implementation phases of protocol development. The methodology consists of an extension of the ITU-T standard requirements language MSC and HMSC, called SRSL, defined as a high level language for the specification of security protocols. In order to illustrate it and evaluate its power, we apply the new methodology to a real world example, the integration of an electronic notary system into a web-based multi-users service platform.

Citation Keyjavierlopez2003a
Paper File: 
https://www.nics.uma.es/sites/default/files/papers/javierlopez2003a.pdf