In this paper, we discuss the use of formal requirements engineering techniques in capturing security requirements for a Grid-based operating system. Our approach is based on the KAOS methodology in which system goals can be refined to sets of requirements that can be satisfied by agents performing specific operations on system objects. We focus on the example of one security goal of interest to Gridbased systems, namely the authorisation to access data, and show how this goal can be refined into system requirements. Then we develop a model of anti-goals, and show how the model captures vulnerabilities that undermine the main security goal.
Content
Author and article information
Contributors
Benjamin Aziz
Alvaro Arenas
Juan Bicarregui
Brian Matthews
Erica Yang
Conference
Publication date:
December
2007
Publication date
(Print):
December
2007
Pages: 1-9
Affiliations
[0001]STFC e-Science Centre, Rutherford Appleton Laboratory
Didcot, OX11 0QX, UKwww.e-science.stfc.ac.uk/