@inproceedings {Agudo2004, title = {Specification and formal verification of security requirements}, booktitle = {5th international conference on Computer systems and technologies (CompSysTech {\textquoteright}04)}, year = {2004}, pages = {1-6}, publisher = {ACM}, organization = {ACM}, address = {Rousse, Bulgaria}, abstract = {With the grown of internet and distributed applications, security requirements are going inherent to the software development process. Each time one communicates with some other one there are relevant security risk that must be taken in account. This is what is happening in the new soft-ware applications using client/server architecture. We propose including security requirements at the top level of development process, together with functional requirements because they are much related. With this information we are able to extract all communication protocols that are involved in our application and their associated security goals. This is the input to a verification phase in which we look for security flaws. The last step, and the more useful (and the not yet finished) is to use this information to modify our initial specification at the top level of the development process}, isbn = {954-9641-38-4}, doi = {10.1145/1050330.1050440}, author = {Isaac Agudo and Javier Lopez} }