A methodology for security assurance-driven system development

TitleA methodology for security assurance-driven system development
Publication TypeJournal Article
Year of Publication2011
AuthorsJ. L. Vivas, I. Agudo, and J. Lopez
JournalRequirements Engineering
Volume16
Number1
Pagination55-73
Date PublishedMar 2011
PublisherSpringer
ISSN Number0947-3602
Abstract

In this work, we introduce an assurance methodology that integrates assurance case creation with system development. It has been developed in order to provide trust and privacy assurance to the evolving European project PICOS (Privacy and Identity Management for Community Services), an international research project focused on mobile communities and community-supporting services, with special emphasis on aspects such as privacy, trust, and identity management. The leading force behind the approach is the ambition to develop a methodology for building and maintaining security cases throughout the system development life cycle in a typical system engineering effort, when much of the information relevant for assurance is produced and feedback can be provided to system developers. The first results of the application of the methodology to the development of the PICOS platform are presented.

DOI10.1007/s00766-010-0114-8
Citation Keyvivas2010
Paper File: 
https://www.nics.uma.es/sites/default/files/papers/vivas2010.pdf

Supported by