Assignment No 1

Introduction:
Requirement gathering is most important step in Software Life Cycle. There
are different methods to collects these requirements and implement them
during different phases of programme life cycle. In this paper the focus is on
security requirements. Security requirements play an important role in
designing secure software. Current security engineering techniques fall short
in providing systematic and reliable means to translate security
requirements. To cater this problem Two methods (KAOS and B-Method) are
proposed .In first phase by using KAOS we formally construct a Complete,
Consistent and Clear security requirements model. Then these
requirements are feed into B-Method to generate Design Specifications
and Implementation.

Problem:
During the programme life cycle the main problem arise during the gathering
of requirements i.e. How to gather these requirements in formal and non
ambiguous manner. The problem become more complex for security
requirements as there is no formal way to gather these problems. Then
during the life cycle we have to implement it in step by step manner, so it is
necessary to implement them during the design phase of programme . Due
to these problems the system become vulnerable as organization attempt to
bolt on security mechanism, Security aspects are usually applied to product
late in development cycle and in an ad hoc manner leaving system
vulnerable. Moreover the total cost of other methods used to do this work is
not feasible economically.

Solution:
FADES (Formal Analysis and Design for Engineering Security) has been
proposed as solution toward highly secure software in a cost effective
manner. It is a requirement-driven software engineering approach.
In this process KAOS (Knowledge Acquisition for automated
specifications) security extension framework is use to formally build a
Complete, Consistent and Clear requirements. To achieve this KAOS take
requirements as a GOAL. Each requirement is a goal and any hindrances in
achieving that goal are also taken as goal. KAOS refined them in hierarchical
order by refining of higher goals into lower goals using AND/OR refinement
mechanism. The resulting hierarchy is acyclic graph .Goals are
Operationalised into operations performed by agents to perform these
goals. KAPS addresses security threat and vulnerability analysis through
obstacle analysis.
Once the security requirements are fully specified with KAOS the
objectives become specifications which could be refined to preserve the
defined security properties. The basic idea of B is to build an abstract model
of the system under development. Then more refined models are built using
initial model.
Fades perform an extra verification test to secure the properties specified
in requirement model. This is achieved by Goal Graph analysis tool and
Depth firth search algorithm (DFS).This is basically a consistency and
completeness check.