00000cab a22000003a 4500 UP-99796217608835107 Buklod 20231007234837.0 m |o d | ta 090513s xx d | ||r ||||| || DENGII eng De Landtsheer, Renaud Reasoning about confidentiality at requirements engineering time. pp. 41-49 Growing attention is being paid to application security at requirements engineering time. Confidentiality is a particular subclass of security concerns that requires sensitive information to never be disclosed to unauthorized agents. Disclosure refers to undesired knowledge states of such agents. In previous work we have extended our requirements specification framework with epistemic constructs for capturing what agents may or may not know about the application. Roughly, an agent knows some property if the latter is found in the agent's memory.This paper makes the semantics of such constructs further precise through a formal model of how sensitive information may appear or disappear in an agent's memory. Based on this extended framework, a catalog of specification patterns is proposed to codify families of confidentiality requirements. A proof-of-concept tool is presented for early checking of requirements models against such confidentiality patterns. In case of violation, the counterexample scenarios generated by the tool show how an unauthorized agent may acquire confidential knowledge. Counter-measures should then be devised to produce further confidentiality requirements. Software. Software engineering. Requirements / Specifications. Methodologies (e.g., object-oriented, structured). Languages. Tools. Design. Languages. Security. Verification. Bounded model checking. Reasoning about confidentiality. Security requirements. Specification patterns. Software engineering notes. 30, 5 (2005). FO UPD DENG-II Article