The Open UniversitySkip to content
 

Automated analysis of security requirements through risk-based argumentation

Yu, Yijun; Franqueira, Virginia N. L.; Tun, Thein; Wieringa, Roel J. and Nuseibeh, Bashar (2015). Automated analysis of security requirements through risk-based argumentation. Journal of Systems and Software, 106 pp. 102–116.

Full text available as:
Full text not publicly available
Due to copyright restrictions, this file is not available for public download until 23 April 2017
Click here to request a copy from the OU Author.
URL: http://www.sciencedirect.com/science/article/pii/S...
DOI (Digital Object Identifier) Link: http://doi.org/10.1016/j.jss.2015.04.065
Google Scholar: Look up in Google Scholar

Abstract

Computer-based systems are increasingly being exposed to evolving security threats, which often reveal new vulnerabilities. A formal analysis of the evolving threats is difficult due to a number of practical considerations such as incomplete knowledge about the design, limited information about attacks, and constraints on organisational resources. In our earlier work on RISA (RIsk assessment in Security Argumentation), we showed that informal risk assessment can complement the formal analysis of security requirements. In this paper, we integrate the formal and informal assessment of security by proposing a unified meta-model and an automated tool for supporting security argumentation called OpenRISA. Using a uniform representation of risks and arguments, our automated checking of formal arguments can identify relevant risks as rebuttals to those arguments, and identify mitigations from publicly available security catalogues when possible. As a result, security engineers are able to make informed and traceable decisions about the security of their computer-based systems. The application of OpenRISA is illustrated with examples from a PIN Entry Device case study.

Item Type: Journal Article
Copyright Holders: 2015 Elsevier Inc.
ISSN: 1873-1228
Project Funding Details:
Funded Project NameProject IDFunding Body
Adaptive Security And Privacy (XC-11-004-BN)291652EC: FP
Keywords: structured argumentation; risk assessment; security analysis; public catalogue search; PIN entry device
Academic Unit/Department: Mathematics, Computing and Technology > Computing & Communications
Mathematics, Computing and Technology
Interdisciplinary Research Centre: Centre for Research in Computing (CRC)
Related URLs:
Item ID: 42548
Depositing User: Yijun Yu
Date Deposited: 24 Apr 2015 10:38
Last Modified: 16 May 2016 11:32
URI: http://oro.open.ac.uk/id/eprint/42548
Share this page:

Altmetrics

Scopus Citations

▼ Automated document suggestions from open access sources

Actions (login may be required)

Policies | Disclaimer

© The Open University   + 44 (0)870 333 4340   general-enquiries@open.ac.uk