Abstract
This paper argues for performing information-flow-based securityanalysis in the first phase of the software development life cycle itself ie in the requirements elicitation phase. Message Sequence Charts (MSC)s have been widely accepted as a formal scenario-based visual notation for writing down requirements. In this paper, we discuss a method for checking if a TMSC (Triggered Message Sequence Chart), a recently propsed enhancement to classical MSCs, satisifes one of the most important information flow properties namely non-interference.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Message sequence charts (MSC). ITU-TS Recommendation Z.120 (1996)
Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Comm. of the ACM 20(7), 504–513 (1977)
Wagner, D.: Static analysis and computer security:new techinques for software assurance. PhD thesis, University of California, Berkeley (2000)
Fenton, J.S.: Information protection systems. Ph.D thesis, University of Cambridge, England (1973)
Ryan, P.: Mathematical models of computer security–tutorial lectures. Foundations of Security Analysis and Design 2171, 1–62 (2001)
Reniers, M.A.: Message sequence chart: Syntax and semantics. PhD Thesis, Eindhoven University of Technology (1998)
Focardi, R., Gorrieri, R., Martinelli, F.: Information flow analysis in a discrete-time process algebra. In: IEEE Computer Security Foundations Workshop, pp. 170–184 (2000)
Ryan, P.: A csp formulation of non-interference and unwinding. Presented at CSFW 1990 and published in Cipher, Winter (1990-1991)
Sengupta, B., Cleaveland, R.: Refinement-based requirements modeling using triggered message sequence charts. In: IEEE International Requirements Engineering Conference (2003)
Sengupta, B.: Triggered message sequence charts. Ph.D Thesis, State University of New York, Stony Brook (2003)
Sengupta, B., Cleaveland, R.: Triggered message sequence charts. In: Proceedings of ACM SIGSOFT Foundations of Software Engineering, pp. 167–176 (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ray, A., Sengupta, B., Cleaveland, R. (2004). Secure Requirements Elicitation Through Triggered Message Sequence Charts. In: Ghosh, R.K., Mohanty, H. (eds) Distributed Computing and Internet Technology. ICDCIT 2004. Lecture Notes in Computer Science, vol 3347. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30555-2_32
Download citation
DOI: https://doi.org/10.1007/978-3-540-30555-2_32
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24075-4
Online ISBN: 978-3-540-30555-2
eBook Packages: Computer ScienceComputer Science (R0)