The Open UniversitySkip to content
 

Towards explaining rebuttals in security arguments

Yu, Yijun; Piwek, Paul; Tun, Thein Than and Nuseibeh, Bashar (2014). Towards explaining rebuttals in security arguments. In: 14th Workshop on Computational Models of Natural Argument, 10 Dec 2014, Krakow, Poland.

Full text available as:
[img]
Preview
PDF (Version of Record) - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
Download (223kB) | Preview
URL: http://cmna.csc.liv.ac.uk//CMNA14/Yu.pdf
Google Scholar: Look up in Google Scholar

Abstract

The satisfaction of software security requirements can be argued using supporting facts and domain assumptions. Sometimes, these facts or assumptions may be questioned, as more knowledge about vulnerabilities becomes available. This results in rebuttals that can be derived from the new information. In this paper, we outline an extension of our OpenArgue tool with an explanation facility that makes a rebuttal more transparent by showing, step by step, why the original security argument does not hold. We achieve this by using the output of the Alligator theorem prover, which constructs explicit and checkable proof objects. We illustrate the feasibility of this approach by applying it to an existing case study of a PIN entry device which involves a security argument that has been rebutted. The output of the prover enables us to unpack the logical reasoning behind the rebuttal at a much greater level of detail. This promises to be useful for argument explanation.

Item Type: Conference or Workshop Item
Copyright Holders: 2014 The Authors
Project Funding Details:
Funded Project NameProject IDFunding Body
Adaptive Security And Privacy (XC-11-004-BN)291652EC (European Commission): FP (inc.Horizon2020, ERC schemes)
Keywords: security requirements; proof systems; formal arguments
Academic Unit/School: Faculty of Science, Technology, Engineering and Mathematics (STEM) > Computing and Communications
Faculty of Science, Technology, Engineering and Mathematics (STEM)
Research Group: Centre for Research in Computing (CRC)
International Development & Inclusive Innovation
Related URLs:
Item ID: 40113
Depositing User: Yijun Yu
Date Deposited: 18 Dec 2014 11:37
Last Modified: 02 May 2018 13:59
URI: http://oro.open.ac.uk/id/eprint/40113
Share this page:

Download history for this item

These details should be considered as only a guide to the number of downloads performed manually. Algorithmic methods have been applied in an attempt to remove automated downloads from the displayed statistics but no guarantee can be made as to the accuracy of the figures.

Actions (login may be required)

Policies | Disclaimer

© The Open University   contact the OU