Automating trade-off analysis of security requirements

Pasquale, Liliana; Spoletini, Paola; Salehie, Mazeiar; Cavallaro, Luca; Nuseibeh, Bashar

doi:10.1007/s00766-015-0229-z

Cited by 22 publications

(6 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Saadatmand et al [64] propose an approach that automatically, based on a fuzzy logic extension of the TOPSIS decision-making method, analyzes UML class models annotated with non-functional requirements in order to evaluate different design alternatives and identify which one leads to better overall satisfaction of non-functional requirements. For the same purpose, Pasquale et al [52] propose to use the KAOS goal-oriented approach to study interactions between security requirements such as confidentiality and other organizational and non-functional requirements such as cost budget and performance, respectively. The proposed approach uses a SMT solver to interpret the KAOS models and automate the execution of the trade-off analyses.…”

Section: Model-based Conflict Detection Approachesmentioning

confidence: 99%

A semi-automated BPMN-based framework for detecting conflicts between security, data-minimization, and fairness requirements

et al. 2020

View full text Add to dashboard Cite

Requirements are inherently prone to conflicts. Security, data-minimization, and fairness requirements are no exception. Importantly, undetected conflicts between such requirements can lead to severe effects, including privacy infringement and legal sanctions. Detecting conflicts between security, data-minimization, and fairness requirements is a challenging task, as such conflicts are context-specific and their detection requires a thorough understanding of the underlying business processes. For example, a process may require anonymous execution of a task that writes data into a secure data storage, where the identity of the writer is needed for the purpose of accountability. Moreover, conflicts not arise from trade-offs between requirements elicited from the stakeholders, but also from misinterpretation of elicited requirements while implementing them in business processes, leading to a non-alignment between the data subjects' requirements and their specifications. Both types of conflicts are substantial challenges for conflict detection. To address these challenges, we propose a BPMN-based framework that supports: (i) the design of business processes considering security, data-minimization and fairness requirements, (ii) the encoding of such requirements as reusable, domain-specific patterns, (iii) the checking of alignment between the encoded requirements and annotated BPMN models based on these patterns, and (iv) the detection of conflicts between the specified requirements in the BPMN models based on a catalog of domain-independent anti-patterns. The security requirements were reused from SecBPMN2, a security-oriented BPMN 2.0 extension, while the fairness and data-minimization parts are new. For formulating our patterns and anti-patterns, we extended a graphical query language called SecBPMN2-Q. We report on the feasibility and the usability of our approach based on a case study featuring a healthcare management system, and an experimental user study.

show abstract

Section: Model-based Conflict Detection Approachesmentioning

confidence: 99%

A semi-automated BPMN-based framework for detecting conflicts between security, data-minimization, and fairness requirements

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Automation in ISRM is researched from different perspectives. An approach to automatically identify adequate security requirements based on an asset model of the system under investigation has been presented by Pasquale et al (2016). Adaptive ISRM approaches enhance support for dealing with changes of assets as well the threat landscape (Bennaceur et al, 2014).…”

Section: Information Security Risk Managementmentioning

confidence: 99%

Risk Management Practices in Information Security: Exploring the Status Quo in the DACH Region

Brunner,

Sauerwein,

Felderer

et al. 2020

Preprint

View full text Add to dashboard Cite

Information security management aims at ensuring proper protection of information values and information processing systems (i.e. assets). Information security risk management techniques are incorporated to deal with threats and vulnerabilities that impose risks to information security properties of these assets. This paper investigates the current state of risk management practices being used in information security management in the DACH region (Germany, Austria, Switzerland). We used an anonymous online survey targeting strategic and operative information security and risk managers and collected data from 26 organizations. We analyzed general practices, documentation artifacts, patterns of stakeholder collaboration as well as tool types and data sources used by enterprises to conduct information security management activities. Our findings show that the state of practice of information security risk management is in need of improvement. Current industrial practice heavily relies on manual data collection and complex potentially subjective decision processes with multiple stakeholders involved. Dedicated risk management tools and methods are used selectively and neglected in favor of general-purpose documentation tools and direct communication between stakeholders. In light of our results we propose guidelines for the development of risk management practices that are better aligned with the current operational situation in information security management.

show abstract

“…The work of Pasquale et al (2015) introduces a requirements-driven approach for automated and quantitative security trade-off analysis through a sophisticated optimisation algorithm. Similarly, Aydemir et al (2016) propose a multiobjective, goal-oriented, risk modelling and analysis framework, which is based on constrained goal models and uses OptiMathSAT to identify optimal security countermeasures.…”

Section: Related Workmentioning

confidence: 99%

Risk-aware decision support with constrained goal models

Argyropoulos

Angelopoulos

Mouratidis

et al. 2018

ICS

View full text Add to dashboard Cite

Purpose The selection of security configurations for complex information systems is a cumbersome process. Decision-making regarding the choice of security countermeasures has to take into consideration a multitude of, often conflicting, functional and non-functional system goals. Therefore, a structured method to support crucial security decisions during a system’s design that can take account of risk whilst providing feedback on the optimal decisions within specific scenarios would be valuable. Design/methodology/approach Secure Tropos is a well-established security requirements engineering methodology, but it has no concepts of Risk, whilst Constrained Goal Models are an existing method to support relevant automated reasoning tasks. Hence we bridge these methods, by extending Secure Tropos to incorporate the concept of Risk, so that the elicitation and analysis of security requirements can be complimented by a systematic risk assessment process during a system’s design time and supporting the reasoning regarding the selection of optimal security configurations with respect to multiple system objectives and constraints, via constrained goal models. Findings As a means of conceptual evaluation, to give an idea of the applicability of the approach and to check if alterations may be desirable, a case study of its application to an e-government information system is presented. The proposed approach is able to generate security mechanism configurations for multiple optimisation scenarios that are provided, whilst there are limitations in terms of a natural trade-off of information levels of risk assessment that are required to be elicited. Originality/value The proposed approach adds additional value via its flexibility in permitting the consideration of different optimisation scenarios by prioritising different system goals and the automated reasoning support.

show abstract

Automating trade-off analysis of security requirements

Cited by 22 publications

References 36 publications

A semi-automated BPMN-based framework for detecting conflicts between security, data-minimization, and fairness requirements

A semi-automated BPMN-based framework for detecting conflicts between security, data-minimization, and fairness requirements

Risk Management Practices in Information Security: Exploring the Status Quo in the DACH Region

Risk-aware decision support with constrained goal models

Contact Info

Product

Resources

About