Skip to main content
Kent Academic Repository
Simple search | Advanced search

Risk and Argument: A risk-based Argumentation Method for Practical Security

Franqueira, Virginia N.L., Tun, Thein Than, Yu, Yijun, Wieringa, Roel, Nuseibeh, Bashar (2011) Risk and Argument: A risk-based Argumentation Method for Practical Security. In: 2011 IEEE 19th International Requirements Engineering Conference. 2011 IEEE 19th International Requirements Engineering Conference. . pp. 239-248. IEEE ISBN 978-1-4577-0921-0. E-ISBN 978-1-4577-0924-1. (doi:10.1109/re.2011.6051659) (KAR id:77195)

PDF Author's Accepted Manuscript
Language: English
Download this file
(PDF/375kB)
[thumbnail of 2011_Franqueira.pdf]
Preview
Request a format suitable for use with assistive technology e.g. a screenreader
PDF Publisher pdf
Language: English

Restricted to Repository staff only
[thumbnail of 6051659]
Official URL:
https://doi.org/10.1109/re.2011.6051659

Abstract

When showing that a software system meets certain security requirements, it is often necessary to work with formal and informal descriptions of the system behavior, vulnerabilities, and threats from potential attackers. In earlier work, Haley et al. [1] showed structured argumentation could deal with such mixed descriptions. However, incomplete and uncertain information, and limited resources force practitioners to settle for good-enough security. To deal with these conditions of practice, we extend the method of Haley et al. with risk assessment. The proposed method, RISA (RIsk assessment in Security Argumentation), uses public catalogs of security expertise to support the risk assessment, and to guide the security argumentation in identifying rebuttals and mitigations for security requirements satisfaction. We illustrate RISA with a realistic example of PIN Entry Device.

Item Type: Conference or workshop item (Paper)
DOI/Identification number: 10.1109/re.2011.6051659
Additional information: I now belong to the Kent Interdisciplinary Research Centre in Cyber Security (KirCCS), but couldn't find it in the "Divisions" section. I uploaded the published version for internal staff only. Not sure.
Uncontrolled keywords: Security Requirements, Argumentation, Risk Assessment, Common Attack Pattern Enumeration and Classification (CAPEC), Common Weakness Enumeration (CWE)
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Virginia Franqueira
Date Deposited: 08 Oct 2019 16:57 UTC
Last Modified: 16 Nov 2021 10:26 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/77195 (The current URI for this page, for reference purposes)

University of Kent Author Information

Franqueira, Virginia N.L..

Creator's ORCID: https://orcid.org/0000-0003-1332-9115
CReDIT Contributor Roles:
  • Depositors only (login required):
Altmetric
Download Statistics

Total unique views for this document in KAR since July 2020. For more details click on the image.

SensusAccess
Feedback