Decision-making in security requirements engineering with constrained goal models

Nikolaos Argyropoulos, Konstantinos Angelopoulos, Haralambos Mouratidis, Andrew Fish

Research output: Chapter in Book/Conference proceeding with ISSN or ISBNConference contribution with ISSN or ISBN

Abstract

Selecting security mechanisms for complex software systems is a cumbersome process. The presence of multiple goals and architectural components, as well as cost and performance considerations, render decision-making a crucial but complicated aspect of a system’s design. In our work, we extend Secure Tropos, a security requirements engineering methodology, by introducing the concept of Risk in order to facilitate the elicitation and analysis of security requirements and also support a systematic risk assessment process during the system’s design time. Next, we use Constrained Goal Models to reason about optimal security mechanism combinations with respect to multiple objectives of the system-to-be, taking into account conflicting functional and non-functional goals. This type of reasoning allows combining linear multi-objective optimisation with logical constraints introduced by the system’s stakeholders. Finally, we illustrate the application of approach through a real-world case study from the e-government sector.

Original languageEnglish
Title of host publicationComputer Security - ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Revised Selected Papers
PublisherSpringer-Verlag
Pages262-280
Number of pages19
ISBN (Electronic)9783319728179
ISBN (Print)9783319728162
DOIs
Publication statusPublished - 22 Dec 2017
Event3rd Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2017, 1st International Workshop on Security and Privacy Requirements Engineering, SECPRE 2017, Both workshops were co-located with 22nd European Symposium on Research in Computer Security, ESORICS 2017 - Oslo, Norway
Duration: 14 Sep 201715 Sep 2017

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10683 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Workshop

Workshop3rd Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2017, 1st International Workshop on Security and Privacy Requirements Engineering, SECPRE 2017, Both workshops were co-located with 22nd European Symposium on Research in Computer Security, ESORICS 2017
CountryNorway
CityOslo
Period14/09/1715/09/17

Keywords

  • Constraint goal models
  • Decision making
  • Information security
  • Security requirements

Fingerprint Dive into the research topics of 'Decision-making in security requirements engineering with constrained goal models'. Together they form a unique fingerprint.

  • Cite this

    Argyropoulos, N., Angelopoulos, K., Mouratidis, H., & Fish, A. (2017). Decision-making in security requirements engineering with constrained goal models. In Computer Security - ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Revised Selected Papers (pp. 262-280). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10683 LNCS). Springer-Verlag. https://doi.org/10.1007/978-3-319-72817-9_17