A practical approach to security assessment

Darrell M. Kienzle, William A. Wulf
1997 Proceedings of the 1997 workshop on New security paradigms - NSPW '97  
The Problem

Conventional approaches to building and assessing security-critical software are based on the implicit assumption that security is the single most important concern and can be the primary factor driving the software development process. Changes in the marketplace and the nature of security requirements have brought this assumption into question. There is now a large class of systems in which security must compete with other development goals. A risk-driven process model of software development provides a framework for building software that balances conflicting requirements. But a risk-driven process invalidates many of the assumptions made by conventional approaches to the specification and verification of security requirements. This paper presents a new approach to assessing the degree to which software meets its security requirements. It does not propose a new specification notation or analysis technique, but provides a general framework into which existing notations and techniques can be integrated. It allows varying degrees of formality to be used: both across the components of the system, and through the development process. The appropriate degree of formality is whatever degree proves necessary to satisfy the stakeholders in the system that the security goals have been met. This approach has been found to be theoretically appealing as well as useful in practice. Here we give a brief overview of the approach, explain how it integrates into a risk-driven process model, and discuss our early results in using it to assess, and thereby guide, the development of the Legion security model.
doi:10.1145/283699.283731 dblp:conf/nspw/KienzleW97 fatcat:od22xt24gjdopiczxry2e2fyuy