The Open University

Risk and argument: a risk-based argumentation method for practical security

Franqueira, Virginia Nunes Leas; Tun, Thein Than; Yu, Yijun; Wieringa, Roel and Nuseibeh, Bashar (2011). Risk and argument: a risk-based argumentation method for practical security. In: 19th IEEE International Conference on Requirements Engineering, 29 Aug - 2 Sep 2011, Trento, Italy, pp. 239–248.

Full text available as:
PDF (Accepted Manuscript), 358kB


When showing that a software system meets certain security requirements, it is often necessary to work with formal and informal descriptions of the system behavior, vulnerabilities, and threats from potential attackers. In earlier work, Haley et al. [1] showed that structured argumentation could deal with such mixed descriptions. However, incomplete and uncertain information and limited resources force practitioners to settle for good-enough security. To deal with these conditions of practice, we extend the method of Haley et al. with risk assessment. The proposed method, RISA (RIsk assessment in Security Argumentation), uses public catalogs of security expertise to support the risk assessment, and to guide the security argumentation in identifying rebuttals and mitigations for security requirements satisfaction. We illustrate RISA with a realistic example of a PIN Entry Device.

Item Type: Conference or Workshop Item
Copyright Holders: 2011 IEEE
ISBN: 1-4577-0924-4, 978-1-4577-0924-1
ISSN: 1090-705X
Project Funding Details:
Funded Project Name: SecureChange; Project ID: Not Set; Funding Body: European Union
Funded Project Name: Not Set; Project ID: 03/CE2/I303_1; Funding Body: Science Foundation Ireland
Extra Information: Pages 239-248 in published proceedings
Distinguished Research Paper
Keywords: requirements engineering; argumentation; security engineering; risk assessment
Academic Unit/School: Faculty of Science, Technology, Engineering and Mathematics (STEM) > Computing and Communications
Faculty of Science, Technology, Engineering and Mathematics (STEM)
Research Group: Centre for Research in Computing (CRC)
Item ID: 28980
Depositing User: Yijun Yu
Date Deposited: 22 Jun 2011 15:22
Last Modified: 07 Dec 2018 23:11