The Open University

“Why can’t I do that?”: tracing adaptive security decisions

Nhlabatsi, Armstrong; Tun, Thein; Khan, Niamul; Yu, Yijun; Bandara, Arosha; Khan, Khaled M. and Nuseibeh, Bashar (2015). “Why can’t I do that?”: tracing adaptive security decisions. EAI Endorsed Transactions on Self-Adaptive Systems, 1(1), article no. e2.

DOI (Digital Object Identifier) Link: https://doi.org/10.4108/sas.1.1.e2

Abstract

One of the challenges of any adaptive system is to ensure that users can understand how and why the behaviour of the system changes at runtime. This is particularly important for adaptive security behaviours, which are essential for applications that are used in many different contexts, such as those hosted in the cloud. In this paper, we propose an approach for using traceability information, enriched with causality relations and contextual attributes of the deployment environment, when providing feedback to the users. We demonstrate, using a cloud storage-as-a-service environment, how our approach provides users of cloud applications with better information, explanations and assurances about the security decisions made by the system. This enables the user to understand why a certain security adaptation has occurred and how the adaptation is related to the current context of use of the application, and gives a guarantee that the application still satisfies its security requirements after an adaptation.

Item Type: Article
Copyright Holders: 2015 A. Nhlabatsi et al.
Project Funding Details:
Funded Project Name: Adaptive Information Security: Relating Security Requirements to Design (XC-11-067-BN)
Project ID: NPRP 5-079-1-018
Funding Body: Qatar National Research Fund
Keywords: traceability; causality; entailment relation; security requirements; policies
Academic Unit/School: Faculty of Science, Technology, Engineering and Mathematics (STEM) > Computing and Communications
Faculty of Science, Technology, Engineering and Mathematics (STEM)
Interdisciplinary Research Centre: Centre for Research in Computing (CRC)
Centre for Policing Research and Learning (CPRL)
International Development & Inclusive Innovation
Item ID: 41870
Depositing User: Thein Tun
Date Deposited: 02 Feb 2015 10:03
Last Modified: 10 Feb 2017 03:57
URI: http://oro.open.ac.uk/id/eprint/41870