The Open UniversitySkip to content
 

Automated analysis of security requirements through risk-based argumentation

Yu, Yijun; Franqueira, Virginia N. L.; Tun, Thein; Wieringa, Roel J. and Nuseibeh, Bashar (2015). Automated analysis of security requirements through risk-based argumentation. Journal of Systems and Software, 106 pp. 102–116.

Full text available as:
[img]
Preview
PDF (Accepted Manuscript) - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
Download (772kB) | Preview
URL: http://www.sciencedirect.com/science/article/pii/S...
DOI (Digital Object Identifier) Link: https://doi.org/10.1016/j.jss.2015.04.065
Google Scholar: Look up in Google Scholar

Abstract

Computer-based systems are increasingly being exposed to evolving security threats, which often reveal new vulnerabilities. A formal analysis of the evolving threats is difficult due to a number of practical considerations such as incomplete knowledge about the design, limited information about attacks, and constraints on organisational resources. In our earlier work on RISA (RIsk assessment in Security Argumentation), we showed that informal risk assessment can complement the formal analysis of security requirements. In this paper, we integrate the formal and informal assessment of security by proposing a unified meta-model and an automated tool for supporting security argumentation called OpenRISA. Using a uniform representation of risks and arguments, our automated checking of formal arguments can identify relevant risks as rebuttals to those arguments, and identify mitigations from publicly available security catalogues when possible. As a result, security engineers are able to make informed and traceable decisions about the security of their computer-based systems. The application of OpenRISA is illustrated with examples from a PIN Entry Device case study.

Item Type: Article
Copyright Holders: 2015 Elsevier Inc.
ISSN: 1873-1228
Project Funding Details:
Funded Project NameProject IDFunding Body
Adaptive Security And Privacy (XC-11-004-BN)291652EC: FP
Keywords: structured argumentation; risk assessment; security analysis; public catalogue search; PIN entry device
Academic Unit/School: Faculty of Science, Technology, Engineering and Mathematics (STEM) > Computing and Communications
Faculty of Science, Technology, Engineering and Mathematics (STEM)
Interdisciplinary Research Centre: Centre for Policing Research and Learning (CPRL)
Centre for Research in Computing (CRC)
International Development & Inclusive Innovation
Related URLs:
Item ID: 42548
Depositing User: Yijun Yu
Date Deposited: 24 Apr 2015 10:38
Last Modified: 23 May 2017 09:55
URI: http://oro.open.ac.uk/id/eprint/42548
Share this page:

Altmetrics

Scopus Citations

Download history for this item

These details should be considered as only a guide to the number of downloads performed manually. Algorithmic methods have been applied in an attempt to remove automated downloads from the displayed statistics but no guarantee can be made as to the accuracy of the figures.

▼ Automated document suggestions from open access sources

Actions (login may be required)

Policies | Disclaimer

© The Open University   + 44 (0)870 333 4340   general-enquiries@open.ac.uk