Kent Academic Repository

Automated Analysis of Security Requirements through Risk-based Argumentation

Yu, Yijun, Franqueira, Virginia N. L., Tun, Thein Than, Wieringa, Roel J., Nuseibeh, Bashar (2015) Automated Analysis of Security Requirements through Risk-based Argumentation. Journal of Systems and Software, 106. pp. 102-116. ISSN 0164-1212. (doi:10.1016/j.jss.2015.04.065) (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided) (KAR id:77184)

PDF Publisher pdf
Language: English

Restricted to Repository staff only
Official URL:
http://doi.org/10.1016/j.jss.2015.04.065

Abstract

Computer-based systems are increasingly being exposed to evolving security threats, which often reveal new vulnerabilities. A formal analysis of the evolving threats is difficult due to a number of practical considerations such as incomplete knowledge about the design, limited information about attacks, and constraints on organisational resources. In our earlier work on RISA (RIsk assessment in Security Argumentation), we showed that informal risk assessment can complement the formal analysis of security requirements. In this paper, we integrate the formal and informal assessment of security by proposing a unified meta-model and an automated tool for supporting security argumentation called OpenRISA. Using a uniform representation of risks and arguments, our automated checking of formal arguments can identify relevant risks as rebuttals to those arguments, and identify mitigations from publicly available security catalogues when possible. As a result, security engineers are able to make informed and traceable decisions about the security of their computer-based systems. The application of OpenRISA is illustrated with examples from a PIN Entry Device case study.

Item Type: Article
DOI/Identification number: 10.1016/j.jss.2015.04.065
Uncontrolled keywords: Structured argumentation, Risk assessment, Security analysis.
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Virginia Franqueira
Date Deposited: 16 Oct 2019 09:44 UTC
Last Modified: 17 Aug 2022 11:02 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/77184 (The current URI for this page, for reference purposes)

University of Kent Author Information

Franqueira, Virginia N. L.

Creator's ORCID: https://orcid.org/0000-0003-1332-9115
