Trade-off analysis between security policies for Java mobile codes and requirements for Java application

† We propose a method for analyzing trade-off between security policies for Java mobile codes and requirements for Java application. We assume that mobile codes are downloaded from different sites, they are used in an application on a site, and their functions are restricted by security policies on the site. We clarify which functions can be performed under the policies on the site using our tool. We also clarify which functions are needed so as to meet the re- quirements for the application by goal oriented requirements analysis(GORA). By comparing functions derived from the policies and functions from the requirements, we can find conflicts between the policies and the requirements, and also find vagueness of the requirements. By using our tool and GORA again, we can decide which policies should be modified so as to meet the requirements. We can also decide which requirements should be abandoned so as to meet policies which can not be changed.