A Formal Technique for Concurrent Generation of Software’s Functional and Security Requirements in SOFL Specifications

Abstract

Formal methods offer a precise and concise way of expressing system requirements which can be tested and validated with formal proofs techniques. However, their application in the development of security aware industrial systems have been associated with high costs due to the difficulty in integrating the functional and security requirements which are generated in an ad hoc manner. Reducing this cost has been a subject of interest in software requirements engineering research. In this paper we propose a formal technique for concurrent generation of functional and security requirements that can help provide a systematic way of accounting for security requirements while specifying the functional requirements of a software. With this technique, the functional behaviors of the system are precisely defined using the Structured Object-Oriented Formal Language (SOFL). The security rules are systematically explored with the results incorporated into the functional specification as constraints. The resultant specification then defines the system functionality that implies the conformance to the security rules. Such a specification can be used as a firm foundation for implementation and testing of the implementation. We discuss the principle of integrating security rules with functional specifications and present a case study to demonstrate the feasibility of our technique.