Developers have to ensure that their systems meet certain security requirements. Structured argumentation can be a powerful tool for developers to deal with system behavior, vulnerabilities, and threats. Haley's framework is based on construction of a context for the system, representing security requirements as constraints, and developing satisfaction arguments for the security requirements. Incomplete and uncertain information and limited resources force the developers to settle for goodenough security. Risk assessment in Security Argumentation (RISA) extends Haley's method with risk assessment. RISA uses publicly available catalogs of security expertise and most common attack patterns to support risk assessment. These catalogs provide valuable information to the assessment process and help the developers identify mitigations for security requirements satisfaction. RISA developers stated the most pressing issue of their future work is the validation of RISA. In previous studies, no validation of RISA framework has been done on a complex system. Hence, this work evaluates RISA framework by applying it to the security requirements analysis of the address generation module of the decentralized, peer-to-peer communication protocol BitMessage. In addition, based on this analysis, we suggest a new set of requirements to improve the security of the current BitMessage client version.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.