The Open University

Assessing Security and Privacy Behavioural Risks for Self-Protection Systems

Yu, Yijun; Nobukazu, Yoshioka and Tamai, Tetsuo (2019). Assessing Security and Privacy Behavioural Risks for Self-Protection Systems. In: Yu, Yijun; Bandara, Arosha; Honiden, Shinichi; Hu, Zhenjiang; Tamai, Tetsuo; Muller, Hausi; Mylopoulos, John and Nuseibeh, Bashar eds. Engineering Adaptive Software Systems. Singapore: Springer, Singapore, pp. 135–147.

DOI (Digital Object Identifier) Link: https://doi.org/10.1007/978-981-13-2185-6_6

Abstract

Security and privacy can often be considered from two perspectives. The first perspective is that of the attacker who seeks to exploit vulnerabilities of the system to harm assets such as the software system itself or its users. The second perspective is that of the defender who seeks to protect the assets by minimising the likelihood of attacks on those assets. This chapter focuses on analysing security and privacy risks from these two perspectives considering both the software system and its uncertain environment including uncertain human behaviours. These risks are dynamically changing at runtime, making them even harder to analyse. To compute the range of these risks, we highlight how to alternate between the attacker and the defender perspectives as part of an iterative process. We then quantify the risk assessment as part of adaptive security and privacy mechanisms complementing the logic reasoning of qualitative risks in argumentation (Yu et al., J Syst Softw 106:102–116, 2015). We illustrate the proposed approach through the risk analysis of examples in security and privacy.

Item Type: Book Section
Copyright Holders: 2019 Springer Nature Singapore Pte Ltd.
ISBN: 981-1321-84-1, 978-981-1321-84-9
Project Funding Details:
Funded Project Name | Project ID | Funding Body
Adaptive Security And Privacy (XC-11-004-BN) | 291652 | EC (European Commission): FP (inc. Horizon2020 & ERC schemes)
SAUSE: Secure, Adaptive, Usable Software Engineering | EP/R013144/1 (previous: EP/R005095/1) | EPSRC (Engineering and Physical Sciences Research Council)
Keywords: security and privacy; self-protection; self-adaptive systems; risk assessment
Academic Unit/School: Faculty of Science, Technology, Engineering and Mathematics (STEM) > Computing and Communications
Faculty of Science, Technology, Engineering and Mathematics (STEM)
Research Group: Centre for Research in Computing (CRC)
Item ID: 60480
Depositing User: Yijun Yu
Date Deposited: 18 Apr 2019 11:39
Last Modified: 06 Jun 2019 09:09
URI: http://oro.open.ac.uk/id/eprint/60480