By Topic

Computer-assisted validation and verification of cybersecurity requirements

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

5 Author(s)
Drusinsky, D. ; Dept. of Comput. Sci., Naval Postgrad. Sch., Monterey, CA, USA ; Michael, J.B. ; Otani, T.W. ; Man-Tak Shing
more authors

Errors in requirements are often a contributing cause of the failure of critical infrastructure and their underlying information systems to adequately guard against cyber intrusions and withstand cyber attacks. However, detecting errors in the cybersecurity requirements, and for requirements in general, is a challenging task. In this paper we describe how computer-aided formal verification and validation can be leveraged to address the challenge of correctly capturing natural language cybersecurity requirements, converting the natural language statements into formal requirements specifications, and then checking the formal specifications to ensure that they match the original intent of the stakeholders. Our approach centers on creating a one-to-one mapping between natural language requirements and UML statechart assertions. Statechart assertions are Boolean statements about the expected behavior of the system, expressed as UML statecharts. The set of assertions created by the security or software engineer is a formal model of the system's requirements. We demonstrate our approach using examples of formally specifying and validating requirements for correct cyber system behaviors and the detection of illegal business schemes in choreographed web services.

Published in:

Technologies for Homeland Security (HST), 2010 IEEE International Conference on

Date of Conference:

8-10 Nov. 2010