Home Security Requirements for Services
Security Requirements for Services

The need for assurance in the Future Internet demands a set of novel engineering methodologies to guarantee secure system behaviour and provide credible evidence that the identified security requirements have been met from the point of view of all stakeholders. The security requirements of Future Internet applications will differ considerably from those of traditional applications. The reason is that Future Internet applications will not only be distributed geographically, as the traditional applications, but they will also involve an unprecedented multitude of autonomous stakeholders and an array of physical devices such as smart cards, phones, RFID sensors and so on that are perpetually connected and transmit a variety of information including identity, bank accounts, location, and so on. Addressing concerns about identity theft, unauthorized credit card usage, unauthorized transmission of information by third-party devices, trust, privacy, and so on are critical to the successful adoption of FI applications.

The main objective of the activity on security requirements is to provide requirements modelling support for Future Internet applications. The focus is to enable the modelling of high-level requirements that can be expressed in terms of high-level concepts such as compliance, privacy, trust, and so on. These can be subsequently mapped into more specific requirements that refer to devices and to specific services.

The major deliverables will address:

  • The definition of techniques for the identification of all stakeholders (including attackers), the elicitation of high-level security goals for all stakeholders, and the identification and resolution of conflicts between different stakeholder security goals;
  • The refinement of security goals into more detailed security requirements for specific services and devices;
  • The identification and resolution of conflicts between security requirements and other requirements (functional and other quality requirements);
  • The transformation of a consolidated set of security requirements into security specifications.