University of Limerick Institutional Repository

Automated analysis of security requirements through risk-based argumentation

dc.contributor.author Yu, Yijun
dc.contributor.author Franqueira, Virginia N.L.
dc.contributor.author Tun, Thein Than
dc.contributor.author Wieringa, Roel J.
dc.contributor.author Nuseibeh, Bashar
dc.date.accessioned 2017-04-10T09:01:28Z
dc.date.available 2017-04-10T09:01:28Z
dc.date.issued 2015
dc.identifier.uri http://hdl.handle.net/10344/5674
dc.description peer-reviewed en_US
dc.description.abstract Computer-based systems are increasingly being exposed to evolving security threats, which often reveal new vulnerabilities. A formal analysis of the evolving threats is difficult due to a number of practical considerations such as incomplete knowledge about the design, limited information about attacks, and constraints on organisational resources. In our earlier work on RISA (Risk assessment in Security Argumentation), we showed that informal risk assessment can complement the formal analysis of security requirements. In this paper, we integrate the formal and informal assessment of security by proposing a unified meta-model and an automated tool for supporting security argumentation called OpenRISA. Using a uniform representation of risks and arguments, our automated checking of formal arguments can identify relevant risks as rebuttals to those arguments, and identify mitigations from publicly available security catalogues when possible. As a result, security engineers are able to make informed and traceable decisions about the security of their computer-based systems. The application of OpenRISA is illustrated with examples from a PIN Entry Device case study. (C) 2015 Elsevier Inc. All rights reserved. en_US
dc.language.iso eng en_US
dc.publisher Elsevier en_US
dc.relation.ispartofseries The Journal of Systems and Software;106, pp. 102-116
dc.relation.uri http://doi.org/10.1016/j.jss.2015.04.065
dc.rights This is the author submitted version of "Automated analysis of security requirements through risk-based argumentation" that was published in The Journal of Systems and Software, 2015, 106, pp. 102-116. The final published version is available at http://doi.org/10.1016/j.jss.2015.04.065 en_US
dc.subject structured argumentation en_US
dc.subject risk assessment en_US
dc.subject security analysis en_US
dc.title Automated analysis of security requirements through risk-based argumentation en_US
dc.type info:eu-repo/semantics/article en_US
dc.type.supercollection all_ul_research en_US
dc.type.supercollection ul_published_reviewed en_US
dc.date.updated 2017-04-10T08:50:36Z
dc.description.version SUBMITTED
dc.identifier.doi 10.1016/j.jss.2015.04.065
dc.contributor.sponsor ERC en_US
dc.contributor.sponsor SFI en_US
dc.relation.projectid 291652 en_US
dc.relation.projectid 03/CE2/1303_1 en_US
dc.rights.accessrights info:eu-repo/semantics/openAccess en_US
dc.internal.rssid 1594526
dc.internal.copyrightchecked Yes
dc.identifier.journaltitle Journal Of Systems And Software
dc.description.status peer-reviewed

