University of Limerick Institutional Repository

Requirements-driven adaptive security: protecting variable assets at runtime

DSpace Repository

Show simple item record

dc.contributor.author Salehie, Mazeiar
dc.contributor.author Pasquale, Liliana
dc.contributor.author Omoronyia, Inah
dc.contributor.author Ali, Raian
dc.contributor.author Nuseibeh, Bashar
dc.date.accessioned 2012-10-10T15:35:28Z
dc.date.available 2012-10-10T15:35:28Z
dc.date.issued 2012
dc.identifier.uri http://hdl.handle.net/10344/2598
dc.description peer-reviewed en_US
dc.description.abstract Security is primarily concerned with protecting assets from harm. Identifying and evaluating assets are therefore key activities in any security engineering process – from modeling threats and attacks, discovering existing vulnerabilities, to selecting appropriate countermeasures. However, despite their crucial role, assets are often neglected during the development of secure software systems. Indeed, many systems are designed with fixed security boundaries and assumptions, without the possibility to adapt when assets change unexpectedly, new threats arise, or undiscovered vulnerabilities are revealed. To handle such changes, systems must be capable of dynamically enabling different security countermeasures. This paper promotes assets as first-class entities in engineering secure software systems. An asset model is related to requirements, expressed through a goal model, and the objectives of an attacker, expressed through a threat model. These models are then used as input to build a causal network to analyze system security in different situations, and to enable, when necessary, a set of countermeasures to mitigate security threats. The causal network is conceived as a runtime entity that tracks relevant changes that may arise at runtime, and enables a new set of countermeasures. We illustrate and evaluate our proposed approach by applying it to a substantive example concerned with security of mobile phones. en_US
dc.language.iso eng en_US
dc.relation.ispartofseries Proceedings of 20th International Requirements Engineering Conference (RE'12);
dc.subject security requirements en_US
dc.subject adaptation en_US
dc.subject causal reasoning en_US
dc.title Requirements-driven adaptive security: protecting variable assets at runtime en_US
dc.type info:eu-repo/semantics/conferenceObject en_US
dc.type.supercollection all_ul_research en_US
dc.type.supercollection ul_published_reviewed en_US
dc.contributor.sponsor SFI en_US
dc.contributor.sponsor ERC en_US
dc.contributor.sponsor UTRC en_US
dc.relation.projectid 10/CE/I1855 en_US
dc.rights.accessrights info:eu-repo/semantics/openAccess en_US


Files in this item

This item appears in the following Collection(s)

Show simple item record

Search ULIR


Browse

My Account

Statistics