Automating trade-off analysis of security requirements. Issue 4 (November 2016)
- Record Type:
- Journal Article
- Title:
- Automating trade-off analysis of security requirements. Issue 4 (November 2016)
- Main Title:
- Automating trade-off analysis of security requirements
- Authors:
- Pasquale, Liliana
Spoletini, Paola
Salehie, Mazeiar
Cavallaro, Luca
Nuseibeh, Bashar
- Abstract:
- A key aspect of engineering secure systems is identifying adequate security requirements to protect critical assets from harm. However, security requirements may compete with other requirements such as cost and usability. For this reason, they may only be satisfied partially and must be traded off against other requirements to achieve "good-enough security". This paper proposes a novel approach to automate security requirements analysis in order to determine maximum achievable satisfaction level for security requirements and identify trade-offs between security and other requirements. We also propose a pruning algorithm to reduce the search space size in the analysis. We represent security concerns and requirements using asset, threat, and goal models, initially proposed in our previous work. To deal with uncertainty and partial requirements satisfaction, security concerns are quantified by leveraging the notion of composite indicators, which are computed through metric functions based on range normalisation. An SMT solver (Z3) interprets the models and automates the execution of our analyses. We illustrate and evaluate our approach by applying it to a substantive example of a service-based application for exchanging emails.
- Is Part Of:
- Requirements engineering. Volume 21:Issue 4(2016)
- Journal:
- Requirements engineering
- Issue:
- Volume 21:Issue 4(2016)
- Issue Display:
- Volume 21, Issue 4 (2016)
- Year:
- 2016
- Volume:
- 21
- Issue:
- 4
- Issue Sort Value:
- 2016-0021-0004-0000
- Page Start:
- 481
- Page End:
- 504
- Publication Date:
- 2016-11
- Subjects:
- Security requirements -- Trade-off analysis -- Goals
Requirements engineering -- Periodicals
Software engineering -- Periodicals
Computer software -- Development -- Periodicals
Logiciels -- Développement -- Périodiques
Génie logiciel -- Périodiques
005.12
- Journal URLs:
- http://firstsearch.oclc.org
http://firstsearch.oclc.org/journal=0947-3602;screen=info;ECOIP
http://link.springer-ny.com/link/service/journals/00766/index.htm
http://www.springerlink.com/content/0947-3602/
http://www.springer.com/gb/
- DOI:
- 10.1007/s00766-015-0229-z
- Languages:
- English
- ISSNs:
- 0947-3602
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 7713.844000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 10046.xml