FUNCTIONAL REQUIREMENTS FOR SECURE CODE: THE REFERENCE MONITOR AND USE CASE

ABSTRACT Information assurance, data security, and co rresponding issues are traditionally presentedin Systems Analysis and Design textbooks as non-functional requirements. Systems analysts canenforce secure design and code as one of the esse ntial goals of systems analysis and design by usingthe Reference Monitor concept as a means of requirements and design specification. Theapplication of the Reference Monitor during the ea rly stages of systems requirements specificationvia the Use Case emphasizes that information assurance is a critical functional requirement. INTRODUCTION Failure to incorporate security into systems requirements is a concern dating back at leasta quarter of a century (Schell, Downey & Popek, 1973, Pipkin, 2000). Compounding this oversightis the lack of attention paid to security in textbooks and the exclusion of security as a functionalrequirement (Haworth, 2002, Trimmer, Parker & Schou, 2007). The lack of ubiquitous system security requireme nts yields the ’penetrate and patch’ strategyfor secure code maintenance. This strategy, in addition to being costly to enforce and a source ofvulnerabilities, may compromise an organizati on’s system resources and corresponding operationswhen considered from an Information Assurance (IA) perspective (Schou, Trimmer & Parker,2005). The pervasive use of data by those both intern al and external to an organization has led toInformation Systems (IS) becoming a component of the organization’s communicationsinfrastructure, much as the fax and the telephone were before the broad adoption of personalcomputers at all levels of organizations. Once the telephone became an integral component oforganizations, certain functions became dependent upon it, such as the ability to quickly place orreceive orders from someone not physically located at the organization. Fax machines extended this,as they enabled orders to vendors and from cust omers to contain considerable detail about multipleitems that may have been more difficult to clearly communicate via verbal telephonecommunications.