TY - GEN
T1 - Requirements-driven adaptive security
T2 - 2012 20th IEEE International Requirements Engineering Conference, RE 2012
AU - Salehie, Mazeiar
AU - Pasquale, Liliana
AU - Omoronyia, Inah
AU - Ali, Raian
AU - Nuseibeh, Bashar
PY - 2012
Y1 - 2012
N2 - Security is primarily concerned with protecting assets from harm. Identifying and evaluating assets are therefore key activities in any security engineering process, from modeling threats and attacks and discovering existing vulnerabilities to selecting appropriate countermeasures. However, despite their crucial role, assets are often neglected during the development of secure software systems. Indeed, many systems are designed with fixed security boundaries and assumptions, with no ability to adapt when assets change unexpectedly, new threats arise, or previously undiscovered vulnerabilities are revealed. To handle such changes, systems must be capable of dynamically enabling different security countermeasures. This paper promotes assets as first-class entities in engineering secure software systems. An asset model is related to requirements, expressed through a goal model, and to the objectives of an attacker, expressed through a threat model. These models are then used as input to build a causal network that analyzes system security in different situations and enables, when necessary, a set of countermeasures to mitigate security threats. The causal network is conceived as a runtime entity that tracks relevant changes as they arise and enables a new set of countermeasures in response. We illustrate and evaluate our proposed approach by applying it to a substantive example concerned with the security of mobile phones.
KW - Adaptation
KW - Causal reasoning
KW - Security requirements
UR - http://www.scopus.com/inward/record.url?scp=84870723455&partnerID=8YFLogxK
U2 - 10.1109/RE.2012.6345794
DO - 10.1109/RE.2012.6345794
M3 - Conference contribution
AN - SCOPUS:84870723455
SN - 9781467327855
T3 - 2012 20th IEEE International Requirements Engineering Conference, RE 2012 - Proceedings
SP - 111
EP - 120
BT - 2012 20th IEEE International Requirements Engineering Conference, RE 2012 - Proceedings
PB - IEEE Computer Society
Y2 - 24 September 2012 through 28 September 2012
ER -