Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development

Matulevičius, Raimundas; Mayer, Nicolas; Mouratidis, Haralambos; Dubois, Éric; Heymans, Patrick; Genon, Nicolas

doi:10.1007/978-3-540-69534-9_40

Cited by 63 publications

(46 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Matulevicius et al [20] treat vulnerabilities as beliefs in the knowledge base of attackers which may contribute to the success of an attack. In [22], the i* framework is extended to represent vulnerabilities and their relation with threats and other elements of the i* models.…”

Section: Modeling Vulnerabilities For Security Requirements Engineeringmentioning

confidence: 99%

“…Among them, CORAS [7] does not investigate which design choices, requirements, or processes have brought the vulnerabilities to the system, and the semantics of relationships among vulnerabilities, and between vulnerabilities and threats are not defined. Similar to CORAS, the resulting models in [20,22] do not specify how, by what actions and actors the vulnerability is brought to the system. These models do not capture the impact of countermeasures on the vulnerabilities and attacks.…”

Section: Modeling Vulnerabilities For Security Requirements Engineeringmentioning

confidence: 99%

“…The link between attacks and vulnerabilities are implicitly (and explicitly) modeled in all of the surveyed approaches. However, among the modeling notations that provide explicit constructs for modeling vulnerability, only a few frameworks [20] Risk-Based Security Framework by Mayer et al [22] Extensions to misuse case diagram [26] Security extension on i* framework by Elahi et al [8,9] Conceptual Foundation such as CORAS [7], i* security extensions [9,8], and extensions of misuse case models [26] relate the countermeasures to vulnerabilities. The semantics of the countermeasure impact in [7,26] is not well defined, and the model cannot be used to evaluate the impact of countermeasures on the overall system security.…”

Section: Comparison Of the Conceptual Modeling Frameworkmentioning

confidence: 99%

See 2 more Smart Citations

A Modeling Ontology for Integrating Vulnerabilities into Security Requirements Conceptual Foundations

Elahi¹,

Zannone

2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Vulnerabilities are weaknesses in the requirements, design, and implementation, which attackers exploit to compromise the system. This paper proposes a vulnerability-centric modeling ontology, which aims to integrate empirical knowledge of vulnerabilities into the system development process. In particular, we identify the basic concepts for modeling and analyzing vulnerabilities and their effects on the system. These concepts drive the definition of criteria that make it possible to compare and evaluate security frameworks based on vulnerabilities. We show how the proposed modeling ontology can be adopted in various conceptual modeling frameworks through examples.

show abstract

Section: Modeling Vulnerabilities For Security Requirements Engineeringmentioning

confidence: 99%

Section: Modeling Vulnerabilities For Security Requirements Engineeringmentioning

confidence: 99%

Section: Comparison Of the Conceptual Modeling Frameworkmentioning

confidence: 99%

See 1 more Smart Citation

A Modeling Ontology for Integrating Vulnerabilities into Security Requirements Conceptual Foundations

Elahi¹,

Zannone

2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Only few security software engineering approaches consider analyzing vulnerabilities, as weaknesses in the systems, during the elicitation of security requirements. For instance, in [27], vulnerabilities are modeled as beliefs inside the boundary of attackers that may positively contribute to attacks. However, the resulting models do not specify which actions or assets introduce vulnerabilities into the system, and which actors are vulnerable.…”

Section: Introductionmentioning

confidence: 99%

“…The CORAS framework [5,12] provides a way for expressing how a vulnerability leads to another vulnerability and how a vulnerability (or combination of vulnerabilities) lead to a threat. However, similar to [27], CORAS does not investigate which design choice, requirement, or process has brought the vulnerabilities to the system. Current state of the art raises the need for a systematic way to link the empirical security knowledge such as information about vulnerabilities, attacks, and proper countermeasure to stakeholders' goals and security requirements.…”

Section: Introductionmentioning

confidence: 99%

A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities

Elahi

Zannone

2009

Requirements Eng

View full text Add to dashboard Cite

Many security breaches occur because of exploitation of vulnerabilities within the system. Vulnerabilities are weaknesses in the requirements, design, and implementation, which attackers exploit to compromise the system. This paper proposes a methodological framework for security requirements elicitation and analysis centered on vulnerabilities. The framework offers modeling and analysis facilities to assist system designers in analyzing vulnerabilities and their effects on the system; identifying potential attackers and analyzing their behavior for compromising the system; and identifying and analyzing the countermeasures to protect the system. The framework proposes a qualitative goal model evaluation analysis for assessing the risks of vulnerabilities exploitation and analyzing the impact of countermeasures on such risks.

show abstract

Probabilistic modeling and analysis of sequential cyber‐attacks

Liu

Xing

Zhou

2019

Engineering Reports

View full text Add to dashboard Cite

Security is one of the major challenges for promoting the computer industry. Existing models for assessing security have mostly assumed that different hazards causing the security breach are independent of each other. Dependencies however can exist among different hazardous actions and they may affect the system security attribute greatly. This paper advances the state of the art in quantitative security risk assessment by modeling one such dependency, where multiple sequence‐dependent hazardous actions are performed to launch a successful security cyber‐attack. Continuous‐time Markov chain and semi‐Markov process–based methods are proposed to estimate the occurrence probability of a security risk for systems undergoing the sequential cyber‐attacks. While the CTMC method is limited to the exponential state transition time, the proposed semi‐Markov process–based approach is applicable to analyzing attacks with any arbitrary types of transition time distributions. Both methods are illustrated using case studies where Trojan attacks in the banking application are modeled and analyzed.

show abstract

Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development

Cited by 63 publications

References 19 publications

A Modeling Ontology for Integrating Vulnerabilities into Security Requirements Conceptual Foundations

A Modeling Ontology for Integrating Vulnerabilities into Security Requirements Conceptual Foundations

A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities

Probabilistic modeling and analysis of sequential cyber‐attacks

Contact Info

Product

Resources

About