Risk and arguments: a risk-based argumentation method for practical security

Franqueira, Virginia N.L.; Tun, Thein Than; Yu, Yijun; Wieringa, Roel J.; Nuseibeh, Bashar

Publication

Risk and arguments: a risk-based argumentation method for practical security

Franqueira, Virginia N.L.; Tun, Thein Than; Yu, Yijun; Wieringa, Roel J.; Nuseibeh, Bashar

Date

2011

Abstract

When showing that a software system meets certain security requirements, it is often necessary to work with formal and informal descriptions of the system behavior, vulnerabilities, and the threats from potential attackers. In earlier work, Haley et al. [4] showed structured argumentation could deal with such mixed descriptions. However, incomplete and uncertain information, and limited resources force practitioners to settle for good-enough security. To deal with these conditions of practice, we extend the method of Haley et al. with risk assessment. The proposed method, RISA (RIsk assessment in Security Argumentation), uses public catalogs of security expertise to support the risk assessment, and to guide the security argumentation in identifying rebuttals and mitigations for security requirements satisfaction. We illustrate RISA with a realistic example of PIN entry device.

Description

non-peer-reviewed

Publisher

IEEE Computer Society

Citation

19TH IEEE International Requirements Engineering Conference (RE'11);08/2011

Funding Information

Science Foundation Ireland (SFI), Secure Change Project Microsoft Software Engineering Innovative Foundation

Risk and arguments: a risk-based argumentation method for practical security

Date

Abstract

Supervisor

Description

Publisher

Citation

Collections

Files

Keywords

ULRR Identifiers

Funding code

Funding Information

Sustainable Development Goals

External Link

License

Embedded videos