  • DocumentCode
    1934756
  • Title
    Risk and argument: A risk-based argumentation method for practical security
  • Author
    Franqueira, Virginia N L ; Tun, Thein Than ; Yu, Yijun ; Wieringa, Roel ; Nuseibeh, Bashar

  • Author_Institution
    Enschede, Univ. of Twente, Enschede, Netherlands
  • fYear
    2011
  • fDate
    Aug. 29 2011-Sept. 2 2011
  • Firstpage
    239
  • Lastpage
    248
  • Abstract
    When showing that a software system meets certain security requirements, it is often necessary to work with formal and informal descriptions of the system behavior, vulnerabilities, and threats from potential attackers. In earlier work, Haley et al. [1] showed structured argumentation could deal with such mixed descriptions. However, incomplete and uncertain information, and limited resources force practitioners to settle for good-enough security. To deal with these conditions of practice, we extend the method of Haley et al. with risk assessment. The proposed method, RISA (RIsk assessment in Security Argumentation), uses public catalogs of security expertise to support the risk assessment, and to guide the security argumentation in identifying rebuttals and mitigations for security requirements satisfaction. We illustrate RISA with a realistic example of PIN Entry Device.
  • Keywords
    risk management; security of data; RISA; public catalogs; risk assessment in security argumentation; risk-based argumentation method; security requirements; software system; Catalogs; Context; Cryptography; Risk management; Software; Systematics; Argumentation; Common Attack Pattern Enumeration and Classification (CAPEC); Common Weakness Enumeration (CWE); Risk Assessment; Security Requirements;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Requirements Engineering Conference (RE), 2011 19th IEEE International
  • Conference_Location
    Trento
  • ISSN
    1090-705X
  • Print_ISBN
    978-1-4577-0921-0
  • Electronic_ISBN
    1090-705X
  • Type
    conf
  • DOI
    10.1109/RE.2011.6051659
  • Filename
    6051659