Automated analysis of security requirements through risk-based argumentation
作者: Yijun Yu , Virginia N.L. Franqueira , Thein Than Tun , Roel J. Wieringa , Bashar Nuseibeh
DOI: 10.1016/J.JSS.2015.04.065
关键词:
摘要: Included definition of premises.Adjusted the metamodel according to Toulmin-style arguments.Revised examples changed metamodel.Added descriptions Figs. 7 and 8.Fixed typos improved language. Computer-based systems are increasingly being exposed evolving security threats, which often reveal new vulnerabilities. A formal analysis threats is difficult due a number practical considerations such as incomplete knowledge about design, limited information attacks, constraints on organisational resources. In our earlier work RISA (RIsk assessment in Security Argumentation), we showed that informal risk can complement requirements. this paper, integrate by proposing unified meta-model an automated tool for supporting argumentation called OpenRISA. Using uniform representation risks arguments, checking arguments identify relevant rebuttals those mitigations from publicly available catalogues when possible. As result, engineers able make informed traceable decisions their computer-based systems. The application OpenRISA illustrated with PIN Entry Device case study.
utwente.nl
openrepository.com
elsevier.com
sci-hub.se 参考文章(42)
Kyung-Sun Kim, Information-seeking on the Web: Effects of user and task variables Library & Information Science Research. ,vol. 23, pp. 233- 255 ,(2001) , 10.1016/S0740-8188(01)00081-0
Charles B. Weinstock, Howard F. Lipson, Evidence of Assurance: Laying the Foundation for a Credible Security Case ,(2014)
Ketil Stlen, Mass Soldal Lund, Bjrnar Solhaug, Model-Driven Risk Analysis: The CORAS Approach ,(2010)
Clifton A. Ericson, Hazard Analysis Techniques for System Safety ,(2005)
Henry Prakken, Dan Ionita, Roel Wieringa, Risk Assessment as an Argumentation Game CLIMA XIV Proceedings of the 14th International Workshop on Computational Logic in Multi-Agent Systems - Volume 8143. pp. 357- 373 ,(2013) , 10.1007/978-3-642-40624-9_22
Otis Gospodnetić, Erik Hatcher, Doug Cutting, Lucene in Action ,(2004)
Rune Winther, Ole-Arnt Johnsen, Bjørn Axel Gran, Security Assessments of Safety Critical Systems Using HAZOPs international conference on computer safety reliability and security. pp. 14- 24 ,(2001) , 10.1007/3-540-45416-0_2
Catherine C. Marshall, Susan E. Newman, Pushing Toulmin Too Far: Learning From an Argument Representation Scheme ,(1998)
Michael Jackson, Problem Frames: Analyzing and Structuring Software Development Problems ,(2000)
Stephen Edelston Toulmin, Allan Janik, Richard D. Rieke, An introduction to reasoning ,(1979)