Security Analysis Process Requirements

Note

Security Analysis is used as an umbrella term.

Security Analysis Structure
status: valid
tags: done_automation, security_analysis

Security Analysis shall be hierarchically grouped into different levels.

The following levels are defined:

  • Platform

  • Feature

  • Component

Process Security Analysis Attributes

Security Analysis attribute: UID
status: valid
tags: done_automation, attribute, mandatory, security_analysis

Each Security Analysis shall have a unique ID. It shall be in a format which is also human readable and consists of:

  • Type of Security Analysis

  • Name of analyzed structural element (e.g. Persistency, FEO, etc.)

  • Element descriptor (e.g. KVS__Open KVS or KVS__GetKeyValue)

The naming convention shall be defined in the project and shall be used consistently.

Security Analysis attribute: title
status: valid
tags: manual_prio_1, attribute, mandatory, security_analysis

The title of the Security Analysis shall provide a short summary of the description.

Security Analysis attribute: mitigated by
status: valid
tags: prio_1_automation, attribute, optional, security_analysis

Each threat shall have an associated treatment (accept, avoid, reduce, share) or an AoU. If the mitigation has not yet been implemented, this attribute shall not be used. If status == valid, then mitigated_by is mandatory.

Security Analysis attribute: mitigation issue
status: valid
tags: prio_1_automation, attribute, optional, security_analysis

If a new mitigation is needed, link to the issue and keep the status invalid until the mitigation is sufficient.

Security Analysis attribute: sufficient
status: valid
tags: prio_1_automation, attribute, mandatory, security_analysis

The mitigation(s) shall be rated as sufficient with <yes> or <no>. A mitigation can only be rated as sufficient if a mitigation is linked via the attribute mitigation.

Security Analysis content: argument
status: valid
tags: prio_1_automation, attribute, mandatory, security_analysis

The argument shall describe why the mitigation is sufficient or not. If it is not sufficient, the argument shall describe how the mitigation can be improved to achieve sufficiency. The argument shall be written in the content.

Security Analysis attribute: status
status: valid
tags: prio_1_automation, attribute, mandatory, security_analysis

Each Security Analysis shall have the status invalid until the analysis is finished. The status shall be set to valid if the analysis is finished and all issues are closed.

Security Analysis attribute: threat impact
status: valid
tags: prio_1_automation, attribute, mandatory, security_analysis

Every Security Analysis shall have a short description of the threat impact (e.g. the threat leads to unauthorized access to the analyzed element).

Security Analysis Linkage

Security Analysis Linkage check
status: valid
tags: prio_1_automation, attribute, automated, security_analysis

Security Analysis shall be linked to the architecture view on the corresponding level via the attribute violates.

Security Analysis Linkage
status: valid
tags: prio_2_automation, attribute, automated, security_analysis

Each Security Analysis shall be automatically linked (inverse direction) to the corresponding architecture view via the “violates by” linkage.

Security Analysis attribute: check Requirements linkage
status: valid
tags: prio_1_automation, attribute, automated, security_analysis

Security Analysis shall be linked to a requirement on the corresponding level via the attribute “mitigated by”.

Security Analysis attribute: Requirements linkage
status: valid
tags: prio_2_automation, attribute, automated, security_analysis

Each Security Analysis shall be automatically linked to the corresponding Security Requirement via the mitigates linkage.

Security Analysis attribute: link to AoU
status: valid
tags: prio_1_automation, attribute, automated, security_analysis

It shall be possible to link an AoU.

Security Analysis attribute: versioning
status: valid
tags: prio_2_automation, attribute, automated, security_analysis

It shall be possible to detect any differences in mandatory attributes compared to the versioning: Security Analysis mandatory... (gd_req__sec_attr_mandatory).

Security Analysis Linkage status check
status: valid
tags: prio_3_automation, attribute, automated, security_analysis

It shall be checked that the Security Analysis can only be linked against valid security elements (architecture view, requirement, AoU). A valid security element has the attribute ‘status == valid’ and is security-relevant.

Security Analysis Checks

Security Analysis mandatory attributes provided
status: valid
tags: prio_1_automation, attribute, check, security_analysis

It shall be checked that all mandatory attributes of each Security Analysis are provided by the user. For all Security Analyses the following attributes shall be mandatory:

Overview mandatory Security Analysis attributes

  • Security Analysis content: argument

  • Security Analysis attribute: status

  • Threat Model attribute: threat ID

  • Security Analysis attribute: sufficient

  • Security Analysis attribute: threat impact

  • Security Analysis attribute: threat scenario ID

  • Security Analysis attribute: title

  • Security Analysis attribute: UID

Security Analysis linkage security
status: valid
tags: prio_2_automation, attribute, check, security_analysis

It shall be checked that a Security Analysis can only be linked via mitigate_by against <Feature | Component | AoU> Requirements, where at least one Requirement that is analyzed and linked via violates has the security identifier set.

Security Analysis finalization check
status: valid
tags: prio_2_automation, attribute, automated, security_analysis

It shall be checked if all artifacts of the analysis are “valid” and “sufficient”.
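The checks in this section, written out as an added example that is not part of the process document or its tooling: a small checker over Security Analysis records that enforces the mandatory attributes, the status/mitigated_by rule, the sufficiency rule, the linkage status check and the finalization check. Field names, element names and ID values are constructed assumptions modelled on the attribute names above.

```python
MANDATORY = (  # attributes required by the "mandatory attributes provided" check
    "uid", "title", "status", "threat_id", "threat_scenario_id",
    "threat_impact", "sufficient", "argument",
)

# Constructed sample security elements (architecture view, requirements). An
# analysis may only link against elements that are valid AND security-relevant.
ELEMENTS = {
    "feat_arc__kvs": {"status": "valid", "security": True},
    "feat_req__kvs__auth": {"status": "valid", "security": True},
    "feat_req__kvs__logging": {"status": "invalid", "security": True},
}

def check_analysis(sa: dict, elements: dict = ELEMENTS) -> list:
    """Return the rule violations of one Security Analysis record (empty = passes)."""
    errors = []
    for attr in MANDATORY:
        if not sa.get(attr):
            errors.append(f"missing mandatory attribute '{attr}'")
    mitigations = sa.get("mitigated_by", [])
    # status == valid requires the 'mitigated by' attribute to be set.
    if sa.get("status") == "valid" and not mitigations:
        errors.append("status is valid but mitigated_by is empty")
    # 'sufficient' may only be <yes> if a mitigation is linked.
    if sa.get("sufficient") == "yes" and not mitigations:
        errors.append("sufficient is yes without a linked mitigation")
    # An open mitigation issue means the analysis must stay invalid.
    if sa.get("mitigation_issue") and sa.get("status") == "valid":
        errors.append("mitigation_issue is open while status is valid")
    # Linkage status check: targets of 'violates' and 'mitigated_by' must be valid.
    for target in list(sa.get("violates", [])) + list(mitigations):
        el = elements.get(target)
        if el is None or el["status"] != "valid" or not el["security"]:
            errors.append(f"link to '{target}' is not a valid security element")
    return errors

def finalization_check(analyses: list) -> bool:
    """Finalization check: every artifact must be valid, sufficient and rule-clean."""
    return all(sa.get("status") == "valid" and sa.get("sufficient") == "yes"
               and not check_analysis(sa) for sa in analyses)

# Constructed records: one complete analysis and one with several defects.
SA_OK = {"uid": "sec_ana__kvs__open", "title": "Unauthorized open of KVS",
         "status": "valid", "threat_id": "T-KVS-01", "threat_scenario_id": "TS-KVS-01",
         "threat_impact": "unauthorized access to stored key-value data",
         "sufficient": "yes", "argument": "access is authenticated per requirement",
         "violates": ["feat_arc__kvs"], "mitigated_by": ["feat_req__kvs__auth"]}
SA_BAD = {"uid": "sec_ana__kvs__get", "title": "Read of key value", "status": "valid",
          "threat_id": "T-KVS-02", "threat_scenario_id": "TS-KVS-02", "sufficient": "yes",
          "argument": "todo", "violates": ["feat_req__kvs__logging"]}
```

Running `check_analysis(SA_BAD)` reports the missing threat impact, the valid status without a mitigation, the unsupported sufficiency rating and the link to an invalid element, so `finalization_check` fails for any set containing it.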

Threat Scenario Security Process Requirements

Security Analysis attribute: threat scenario ID
status: valid
tags: prio_1_automation, attribute, mandatory, security_analysis

Each threat scenario used for the Security Analysis shall have a threat scenario ID. The threat scenario ID is used to identify the related threat <Security Analysis threat sc... (gd_guidl__sec_ana_threat_scenarios)>. The threat scenario ID links to the corresponding threat scenario which describes how a potential attack can occur.

Threat Models Process Requirements

Threat Model attribute: threat ID
status: valid
tags: prio_1_automation, attribute, mandatory, security_analysis

Each threat used for Security Analysis shall have a threat ID. The threat ID is used to identify the related threat <STRIDE Threat Model (gd_guidl__threat_models_stride)>. The threat ID links to the corresponding threat which describes how a potential attack can occur.