Copy the page URI to the clipboard
Yu, Yijun; Nobukazu, Yoshioka and Tamai, Tetsuo
(2019).
DOI: https://doi.org/10.1007/978-981-13-2185-6_6
Abstract
Security and privacy can often be considered from two perspectives. The first perspective is that of the attacker who seeks to exploit vulnerabilities of the system to harm assets such as the software system itself or its users. The second perspective is that of the defender who seeks to protect the assets by minimising the likelihood of attacks on those assets. This chapter focuses on analysing security and privacy risks from these two perspectives considering both the software system and its uncertain environment including uncertain human behaviours. These risks are dynamically changing at runtime, making them even harder to analyse. To compute the range of these risks, we highlight how to alternate between the attacker and the defender perspectives as part of an iterative process. We then quantify the risk assessment as part of adaptive security and privacy mechanisms complementing the logic reasoning of qualitative risks in argumentation (Yu et al., J Syst Softw 106:102–116, 2015). We illustrate the proposed approach through the risk analysis of examples in security and privacy.
Viewing alternatives
Metrics
Public Attention
Altmetrics from AltmetricNumber of Citations
Citations from DimensionsItem Actions
Export
About
- Item ORO ID
- 60480
- Item Type
- Book Section
- ISBN
- 981-1321-84-1, 978-981-1321-84-9
- Project Funding Details
-
Funded Project Name Project ID Funding Body Adaptive Security And Privacy (XC-11-004-BN) 291652 EC (European Commission): FP (inc.Horizon2020 & ERC schemes) SAUSE: Secure, Adaptive, Usable Software Engineering EP/R013144/1 (previous: EP/R005095/1) EPSRC (Engineering and Physical Sciences Research Council) - Keywords
- security and privacy; self-protection; self-adaptive systems; risk assessment
- Academic Unit or School
-
Faculty of Science, Technology, Engineering and Mathematics (STEM) > Computing and Communications
Faculty of Science, Technology, Engineering and Mathematics (STEM) - Research Group
- Centre for Research in Computing (CRC)
- Copyright Holders
- © 2019 Springer Nature Singapore Pte Ltd.
- Depositing User
- Yijun Yu