Figure 6.4 System relations. (This representation of systemic relations is
inspired by Bruce Schneier's work on attack trees.)
[Figure labels: Systemic Relation; S0, S1, S2; Components: C1a, C1b, C1c, C2a, C2b]
engineering process can be quite involved and take quite a bit of time. Using the
discipline of the IA² Process will provide a consistent, repeatable process that applies
at every level of decomposition.
6.4.3 Domain Functional-Isolation Requirements Engineering
Domain functional isolation identifies the entities or collection of entities and
decomposes their interactions through their respective interfaces. The methods
above decompose the larger process (a relative perspective) into its constituent parts.
The domain functional-isolation requirements engineering method starts with the
domain concept, but rather than decompose the domain into its constituent parts,
the focus here is on domain functionality. Domain functionality includes intradomain
and interdomain operations. Interdomain functionality is how the domain
gets inputs and provides outputs. Intradomain functionality is how a domain processes
the inputs and produces the outputs.
A domain may be a single entity or a collection of entities. Domain interfaces
facilitate domain interactions. Domain environments define the scope of domain
operations; domain environments may be physical or cyber. Domain environments
bounded by physical proximity are regions, while those bounded by logical
relationships are communities of interest (COIs). When addressing a single
entity, the phrases “entity functional isolation” and “domain functional isolation”
are interchangeable. Domain interfaces are the visible parts of the domain
to other domains.
Requirements describe the desired behavior. Security requirements describe
qualifications or restrictions on the desired behavior. The intent of these security
requirements is to mitigate business risk. Domain behavioral constraints that mitigate
risk are the security requirements.
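An added example, not from the book: a small model of the terms defined above, in which domains interact only through declared interfaces and each security requirement is a constraint checked against every interaction. The domain names, interface names, environment labels and the requirements SR-1 and SR-2 are constructed assumptions.

```python
from collections import namedtuple

# environment: a region (physical) or a COI (logical); interfaces: the only
# parts of the domain that are visible to other domains.
Domain = namedtuple("Domain", "name environment interfaces")
Interaction = namedtuple("Interaction", "src src_if dst dst_if")
# constraint(interaction, domains) returns True when the behavior is allowed.
SecurityRequirement = namedtuple("SecurityRequirement", "ident constraint")

def evaluate(domains, requirements, interactions):
    """Return {interaction: [reasons]} for every interaction that is not allowed."""
    findings = {}
    for ia in interactions:
        reasons = []
        # Functional check: interdomain behavior exists only through declared interfaces.
        for name, iface in ((ia.src, ia.src_if), (ia.dst, ia.dst_if)):
            if name not in domains or iface not in domains[name].interfaces:
                reasons.append(f"undeclared interface {name}.{iface}")
        # Security check: each requirement restricts the otherwise desired behavior.
        if not reasons:
            reasons += [r.ident for r in requirements if not r.constraint(ia, domains)]
        if reasons:
            findings[ia] = reasons
    return findings

# Constructed sample model (all names and requirements are assumptions).
DOMAINS = {d.name: d for d in (
    Domain("guard", "region:lobby", frozenset({"hands", "voice"})),
    Domain("laptop", "region:lobby", frozenset({"keyboard", "card_reader", "wifi"})),
    Domain("wap", "coi:corp-net", frozenset({"radio", "uplink"})),
    Domain("server", "coi:corp-net", frozenset({"tls_443", "admin_ssh"})),
)}
REQUIREMENTS = [
    # SR-1: only domains in the server's own environment may use its admin interface.
    SecurityRequirement("SR-1", lambda ia, d: ia.dst_if != "admin_ssh"
                        or d[ia.src].environment == d[ia.dst].environment),
    # SR-2: traffic leaving the laptop's wifi interface must terminate at the WAP.
    SecurityRequirement("SR-2", lambda ia, d: ia.src_if != "wifi" or ia.dst == "wap"),
]
INTERACTIONS = [
    Interaction("guard", "hands", "laptop", "keyboard"),   # allowed
    Interaction("laptop", "wifi", "wap", "radio"),         # allowed
    Interaction("wap", "uplink", "server", "tls_443"),     # allowed
    Interaction("laptop", "wifi", "server", "admin_ssh"),  # breaks SR-1 and SR-2
    Interaction("guard", "voice", "server", "console"),    # interface not declared
]
```

Calling `evaluate(DOMAINS, REQUIREMENTS, INTERACTIONS)` returns findings only for the last two interactions, which separates a functional error (no such interface) from a security-requirement violation.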
For example, Figure 6.5 shows five domains and a variety of interactions. The
domains are person X, person Y, laptop, wireless access point (WAP), and server.
Person X interacts with person Y via their respective interfaces. Both people interact
with the laptop; e.g., person X may be a security guard and uses the laptop
to validate person Y's identity by having person Y swipe an identity card and use
 