Argumentation-based security requirements elicitation: The next round

Authors: Dan Ionita, Jan-Willem Bullee, Roel J. Wieringa

DOI: 10.1109/ESPRE.2014.6890521

Abstract: Information Security Risk Assessment can be viewed as part of requirements engineering because it is used to translate security goals into requirements, where requirements are the desired system properties that mitigate threats to security goals. To improve the defensibility of these mitigations, several researchers have attempted to base risk assessment on argumentation structures. However, none of the approaches so far has been scalable or usable in real-world assessments. In this paper, we present the results from our search for an argumentation-based information security RA method. We start from previous work on both formal frameworks and informal argument structuring and try to find a promising middle ground. An initial prototype using spreadsheets is validated and iteratively improved via Case Studies. Challenges such as scalability, quantify-ability, ease of use, and relation to existing work in parallel fields are discussed. Finally, we explore the scope and applicability of our approach with regard to various classes of Systems while also drawing more general conclusions on the role of argumentation in security.

References (12)
Robin Laney, Jonathan D. Moffett, Charles B. Haley, Bashar Nuseibeh, Arguing security: validating security requirements using structured argumentation, (2005)
Henry Prakken, Dan Ionita, Roel Wieringa, Risk Assessment as an Argumentation Game, CLIMA XIV Proceedings of the 14th International Workshop on Computational Logic in Multi-Agent Systems - Volume 8143, pp. 357-373, (2013), 10.1007/978-3-642-40624-9_22
Stephen Edelston Toulmin, Allan Janik, Richard D. Rieke, An introduction to reasoning, (1979)
C. B. Haley, R. Laney, J. D. Moffett, B. Nuseibeh, Arguing Satisfaction of Security Requirements, IGI Global, pp. 3199-3221, (2008), 10.4018/978-1-59904-147-6.CH002
Stephen Edelston Toulmin, The uses of argument, (1958)
Henry Prakken, An abstract framework for argumentation with structured arguments, Argument & Computation, vol. 1, pp. 93-124, (2010), 10.1080/19462160903564592
C. B. Haley, R. Laney, J. D. Moffett, B. Nuseibeh, Security Requirements Engineering: A Framework for Representation and Analysis, IEEE Transactions on Software Engineering, vol. 34, pp. 133-153, (2008), 10.1109/TSE.2007.70754
Dan Ionita, Wolter Pieters, Roelf J. Wieringa, Pieter H. Hartel, Current established risk assessment methodologies and tools, CTIT technical report series, (2013)