Security is primarily concerned with protecting
assets from harm. Identifying and evaluating assets are therefore
key activities throughout any security engineering process, from
modeling threats and attacks and discovering existing vulnerabilities
to selecting appropriate countermeasures. However,
despite their crucial role, assets are often neglected during
the development of secure software systems. Indeed, many
systems are designed with fixed security boundaries and assumptions,
with no way to adapt when assets change unexpectedly, new threats
arise, or previously undiscovered vulnerabilities are revealed. To
handle such changes, a system must be able to enable different
security countermeasures dynamically, at runtime.
This paper promotes assets as first-class entities in engineering
secure software systems. An asset model is related to the system's
requirements, expressed through a goal model, and to the attacker's
objectives, expressed through a threat model. These models are
then used as input to build a causal network to analyze system
security in different situations, and to enable, when necessary, a
set of countermeasures to mitigate security threats. The causal
network is conceived as a runtime entity that tracks relevant
changes that may arise at runtime, and enables a new set
of countermeasures. We illustrate and evaluate our proposed
approach by applying it to a substantive example concerned
with security of mobile phones.
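As an added illustration of the architecture sketched in this abstract (not the paper's own code or models), the toy network below links an asset node, a threat node, a vulnerability node and a countermeasure node in a tree-shaped Bayesian network, re-evaluates the risk to the asset as runtime observations arrive, and enables countermeasures only when the risk crosses a threshold. All node names, probabilities and the "contacts on a phone" scenario are constructed assumptions.

```python
import itertools
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    parents: tuple = ()
    cpt: dict = field(default_factory=dict)  # parent truth values -> P(node True); roots key on ()

class CausalNetwork:
    def __init__(self, nodes):
        self.nodes = {n.name: n for n in nodes}
        self.evidence = {}  # runtime observations and controlled countermeasure states
    def observe(self, **values):  # record a runtime change: new asset, revealed vuln, enabled countermeasure
        self.evidence.update(values)
    def prob(self, name):
        """P(name True): evidence overrides the prior; else marginalize over parents (assumed independent)."""
        if name in self.evidence:
            return 1.0 if self.evidence[name] else 0.0
        node, total = self.nodes[name], 0.0
        for combo in itertools.product((False, True), repeat=len(node.parents)):
            weight = 1.0
            for parent, value in zip(node.parents, combo):
                p = self.prob(parent)
                weight *= p if value else 1.0 - p
            total += weight * node.cpt[combo]
        return total

def build_phone_network():
    """Constructed example: contacts stored on a phone are the asset (node names and numbers assumed)."""
    def compromise(asset, threat, vuln, encrypted):
        if not asset: return 0.0  # nothing to protect means nothing to lose
        if encrypted: return 0.05 if threat and vuln else 0.01  # countermeasure on: residual risk only
        return {(True, True): 0.9, (True, False): 0.3, (False, True): 0.1, (False, False): 0.02}[(threat, vuln)]
    parents = ("contacts_on_phone", "exfil_threat", "bt_stack_vuln", "encrypt_contacts")
    return CausalNetwork([
        Node("contacts_on_phone", cpt={(): 0.0}),  # asset model: absent until observed at runtime
        Node("exfil_threat", cpt={(): 0.3}),       # threat model: attacker goal is to read contacts
        Node("bt_stack_vuln", cpt={(): 0.2}),      # prior belief in an undiscovered vulnerability
        Node("encrypt_contacts", cpt={(): 0.0}),   # countermeasure, off by default
        Node("contacts_compromised", parents, {c: compromise(*c) for c in itertools.product((False, True), repeat=4)}),
    ])

def select_countermeasures(net, target, candidates, threshold):
    """Enable candidate countermeasures in order until risk to the asset falls below the threshold."""
    enabled = []
    for cm in candidates:
        if net.prob(target) < threshold: break
        net.observe(**{cm: True})
        enabled.append(cm)
    return enabled
```

With the assumed numbers, observing the asset raises the compromise probability to about 0.15, a revealed vulnerability pushes it to 0.34, and enabling encryption brings it down to 0.022.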