D2.2 System Security Requirements, Risk and Threat Analysis - 1st Iteration
AIT, ATOS, FOKUS, TUG, KAU, LISPA, SIC
On a high level, the central goal of the CREDENTIAL project is to develop a privacy-preserving data sharing platform (wallet) with integrated identity provider (IdP), which can be used to share authenticated data without the wallet learning any of the user's personal information. The functionality and added value of these services will be showcased by concrete pilots from the domains of eGovernment, eHealth, and eBusiness.
A central task that needs to be performed before and in parallel to the actual implementation and development of such a service is to precisely specify the requirements the system has to fulfil. This requirements engineering process is necessary to achieve the best possible acceptance by all stakeholders, but also to identify and resolve potentially conflicting requirements posed by different stakeholders.
The requirements analysis consists of the assessment of functional and non-functional requirements. This document focuses on the non-functional security requirements of the developed core components, ranging from software architecture requirements over deployment and life-cycle management, via communication, user management, and logging, through to server- and client-specific requirements. Because of the very early stage of the project, this document mainly focuses on generic requirements that are not specific to the CREDENTIAL pilots, but apply to many web applications. However, certain design decisions have already been made and are addressed in this document. Also, wherever possible, we discuss requirements that arise from CREDENTIAL's own approach and go beyond those of existing IdP and data sharing platforms.
Besides the specification of non-functional security requirements, we give a precise description of the considered adversary model.
Furthermore, we describe the security risk management approach that is used to evaluate actual risks in CREDENTIAL. We here follow a STRIDE & DREAD approach. Also, a preliminary high-level risk assessment is given and already considered in the requirements engineering pro-
The full version of this deliverable can be downloaded here.