2016 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C) 2016
DOI: 10.1109/qrs-c.2016.54

Motivating Security Engineering with Economics: A Utility Function Approach

Abstract: Establishing the correct mix of functionality and security is key to developing resilient systems; an imbalance will result in system failure, either in system objective or at the hands of an adversary. We present a methodology for reasoning about secure design using economic expressions. We employ Wireless Personal Area Network (WPAN) devices and the IEEE 802.15.4 specification to demonstrate how a utility-based representation can be used to analyse these competing concerns, leading to designs that can be opt…

Citations: cited by 2 publications (3 citation statements)
References: 19 publications (33 reference statements)

“…A framework rooted in utility theory, decision support and cost-benefit analysis will enable a more systematic and rational planning of software development, and of security overall. Through the inclusion of security investments made during development, the overall security investment is rendered more cost-effective [34], implementation decisions can be made coherently with security concerns [35], and the effectiveness of the overall security enterprise can be analysed [36]. To anchor further discussion, we present a summary of the current state of secure software engineering practice.…”
Section: Paradigm (mentioning)
confidence: 99%
“…This can be thought of as 'non-functional fit criteria', supplying constraints on the architectural and design decisions through explicit statements related to management concerns such as resources or cost. Preliminary work has demonstrated how such a construct could be used to choose a compliant cryptographic mode that balances functionality and security in order to foster system resilience in Internet of Things (IoT) devices [35]. Expressing security requirements and attacker/defender concerns in this way supports the critical process of refutation [65], and supplies information critical for extending understanding beyond what needs to be protected, to include why.…”
Section: Security In An Economic Context (mentioning)
confidence: 99%