Re: Procedure proposal

Hi Junichi,

Thanks, I was about to add them yesterday and saw that they were already
appearing :-)

I will add more when I can.

Regards,

Kevin

*Kevin Gavigan BSc (Hons), MSc, PhD, MCP MCTS*
*Software Architect*

*Connected Infotainment*


*Mobile: 07990 084866*
*Email:* kgavigan@jaguarlandrover.com

*Office address:*
*GO03/057** • **Building 523, **Gaydon** • **Maildrop: (G03)*
*Jaguar Land Rover • Banbury Road • Gaydon • Warwick • CV35 0RR*

On 30 July 2015 at 06:30, Junichi Hashimoto <xju-hashimoto@kddi.com> wrote:

> Hi Kevin,
>
> During the meeting in Seattle, members have reached a consensus that the
> use case list is useful not only for security and privacy but also for
> Vehicle APIs. We've added many items (including your use cases) into the
> list and will discuss them in the next tel-conference.
>
> I'd like you to take a look on the list and add more items that are
> missing. We have only a few days but I hope we discuss the security and
> privacy aspect of the use cases via this ML before the tel-conference.
>
> Regards,
> Junichi
>
>
>
> On 15/07/29 08:34 , Gavigan, Kevin wrote:
>
>> Hi Junichi,
>>
>> Thanks, your proposal seems like a good idea to me as it will help us to
>> gather scenarios more quickly
>>
>> I will plan to add brief use cases to the spreadsheet...
>>
>> Regards and best wishes,
>>
>> Kevin
>>
>> *Kevin Gavigan BSc (Hons), MSc, PhD, MCP MCTS*
>> */Software Architect/*
>> */Connected Infotainment
>> /*
>>
>> */Mobile: 07990 084866
>> /*
>> /*Email:*/ kgavigan@jaguarlandrover.com
>> <mailto:kgavigan@jaguarlandrover.com>
>>
>> */Office address:/*
>> *GO03/057** • **Building 523, **Gaydon** • **Maildrop: (G03)**/
>> /**Jaguar Land Rover • Banbury Road • Gaydon • Warwick • CV35 0RR*
>>
>> On 24 July 2015 at 02:58, Junichi Hashimoto <xju-hashimoto@kddi.com
>> <mailto:xju-hashimoto@kddi.com>> wrote:
>>
>>     Hi,
>>
>>     I've investigated several methods and practices of security/privacy
>>     analysis (e.g., goal oriented analysis, misuse case analysis,
>>     STRIDE/DREAD, ISO 15408, ITU-T X.1121) and think that we should
>>     apply a customized procedure for our case.
>>
>>     Compared to usual security analysis, our security/privacy target is
>>     not completely definable because it is not actual software but
>>     rather a platform for software. So listing up use cases as Kevin did
>>     would be the best way to figure out our scope.
>>
>>     On the other hand, I personally think we could start with a bit
>>     simpler description for our first step and add the details later,
>>     e.g., during the second iteration of use case discussion, to get
>>     ideas from wider stake holders.
>>
>>     What do you think?
>>
>>     FYI, I've just put some examples on a spreadsheet[1] to show what I
>>     am thinking.
>>
>>     Also the following is the basic (simple) procedure I'd propose:
>>     Step 1. Listing up brief use cases and concerns
>>     Step 2. Select items for our scope and investigate them deeply
>>     (Kevin's is this level)
>>     Step 3. Derive requirements from the investigation
>>
>>     In order to gather all the important points, I'd like to suggest we
>>     iterate the above procedure at least twice before LC.
>>
>>     Please feel free to give your comments on the above proposal.
>>     I'd like to talk about this procedure during the upcoming f2f
>>     meeting in Seattle as well.
>>
>>     [1]
>>
>> https://docs.google.com/spreadsheets/d/14ij-2I-H4HbilVQ_muCmUayVqmVfdbkoke690MA0kdo/edit#gid=0
>>
>>     Junichi
>>
>>
>>
>>
>
>

Received on Thursday, 30 July 2015 07:46:22 UTC