- From: Gavigan, Kevin <kgavigan@jaguarlandrover.com>
- Date: Wed, 29 Jul 2015 16:34:00 +0100
- To: Junichi Hashimoto <xju-hashimoto@kddi.com>
- Cc: public-auto-privacy-security@w3.org
- Message-ID: <CAKaHsmcAh3GHRWnBCZK-g66W+VA5gKRgYXiS7Cx=Y_vDbBMX6w@mail.gmail.com>
Hi Junichi,

Thanks, your proposal seems like a good idea to me as it will help us to gather scenarios more quickly. I will plan to add brief use cases to the spreadsheet...

Regards and best wishes,

Kevin

Kevin Gavigan BSc (Hons), MSc, PhD, MCP MCTS
Software Architect
Connected Infotainment
Mobile: 07990 084866
Email: kgavigan@jaguarlandrover.com
Office address: GO03/057 • Building 523, Gaydon • Maildrop: (G03)
Jaguar Land Rover • Banbury Road • Gaydon • Warwick • CV35 0RR

On 24 July 2015 at 02:58, Junichi Hashimoto <xju-hashimoto@kddi.com> wrote:

> Hi,
>
> I've investigated several methods and practices of security/privacy
> analysis (e.g., goal oriented analysis, misuse case analysis, STRIDE/DREAD,
> ISO 15408, ITU-T X.1121) and think that we should apply a customized
> procedure for our case.
>
> Compared to usual security analysis, our security/privacy target is not
> completely definable because it is not actual software but rather a
> platform for software. So listing up use cases as Kevin did would be the
> best way to figure out our scope.
>
> On the other hand, I personally think we could start with a bit simpler
> description for our first step and add the details later, e.g., during the
> second iteration of use case discussion, to get ideas from wider
> stakeholders.
>
> What do you think?
>
> FYI, I've just put some examples on a spreadsheet[1] to show what I am
> thinking.
>
> Also the following is the basic (simple) procedure I'd propose:
>
> Step 1. Listing up brief use cases and concerns
> Step 2. Select items for our scope and investigate them deeply (Kevin's is
> this level)
> Step 3. Derive requirements from the investigation
>
> In order to gather all the important points, I'd like to suggest we
> iterate the above procedure at least twice before LC.
>
> Please feel free to give your comments on the above proposal.
> I'd like to talk about this procedure during the upcoming f2f meeting in
> Seattle as well.
>
> [1] https://docs.google.com/spreadsheets/d/14ij-2I-H4HbilVQ_muCmUayVqmVfdbkoke690MA0kdo/edit#gid=0
>
> Junichi

Received on Wednesday, 29 July 2015 15:34:52 UTC