Title :
Trust Trade-off Analysis for Security Requirements Engineering
Author :
Elahi, Golnaz ; Yu, Eric
Author_Institution :
Dept. of Comput. Sci., Univ. of Toronto, Toronto, ON, Canada
fDate :
Aug. 31 2009-Sept. 4 2009
Abstract :
Security requirements often have implicit assumptions about trust relationships among actors. The more actors trust each other, the less stringent the security requirements are likely to be. Trust always involves the risk of mistrust; hence, trust implies a trade-off: gaining some benefits from depending on a second party in trade for getting exposed to security and privacy risks. When trust assumptions are implicit, these trust trade-offs are made implicitly and in an ad-hoc way. By taking advantage of agent- and goal-oriented analysis, we propose a method for discovering trade-offs that trust relationships bring. This method aims to help the analyst select among alternative dependency relationships by making explicit trust trade-offs. We propose a simple algorithm for making the trade-offs in a way that reaches a balance between costs and benefits.
Keywords :
data privacy; formal specification; formal verification; security of data; software agents; systems analysis; goal-oriented analysis; privacy risk; security requirement engineering; software agent; trust trade-off analysis; Computer science; Computer security; Costs; Environmental economics; Information analysis; Information security; Navigation; Permission; Privacy; Psychology;
Conference_Titel :
Requirements Engineering Conference, 2009. RE '09. 17th IEEE International
Conference_Location :
Atlanta, GA
Print_ISBN :
978-0-7695-3761-0
