Defining security requirements for a remote access system

This paper presents some first results of the one-year project "Empirical Secure Software Engineering (ESSE)" which had the two aims (1) to define security requirements for a planned Secure Data Center remote access at GESIS in Germany and (2) to evaluate different threat modelling techniques. Such techniques are intended to assist software developers in defining and evaluating security risks for a system and in deducing necessary requirements for design, implementation and operation. Using several different modelling techniques a group of participating GESIS staff from various archiving and IT backgrounds generated a collection of threat models. We then interviewed participants about their viewpoints, aggregated the models and discussed them in a group session. Through this process we defined security requirements and translated them into implementable technical and organizational security recommendations. Our approach also enabled us to evaluate the applied techniques' strengths and weaknesses. We will explain some of the security requirements we defined and also show how our process allowed us to make visible different stakeholders' viewpoints, was able to support meaningful discussion, and facilitated decision making. Our process can be useful for other archives looking for ways to define security requirements in the fields of archiving and data sharing.