Automated analysis of security requirements through risk-based argumentation
Journal article
Yu, Yijun, Franqueira, Virginia N. L., Than Tun, Thein, Wieringa, Roel J. and Nuseibeh, Bashar 2015. Automated analysis of security requirements through risk-based argumentation. Journal of Systems and Software. https://doi.org/10.1016/j.jss.2015.04.065
| Authors | Yu, Yijun, Franqueira, Virginia N. L., Than Tun, Thein, Wieringa, Roel J. and Nuseibeh, Bashar |
|---|---|
| Abstract | Computer-based systems are increasingly being exposed to evolving security threats, which often reveal new vulnerabilities. A formal analysis of the evolving threats is difficult due to a number of practical considerations such as incomplete knowledge about the design, limited information about attacks, and constraints on organisational resources. In our earlier work on RISA (RIsk assessment in Security Argumentation), we showed that informal risk assessment can complement the formal analysis of security requirements. In this paper, we integrate the formal and informal assessment of security by proposing a unified meta-model and an automated tool for supporting security argumentation called OpenRISA. Using a uniform representation of risks and arguments, our automated checking of formal arguments can identify relevant risks as rebuttals to those arguments, and identify mitigations from publicly available security catalogues when possible. As a result, security engineers are able to make informed and traceable decisions about the security of their computer-based systems. The application of OpenRISA is illustrated with examples from a PIN Entry Device case study. |
| Keywords | Structured argumentation; Risk assessment; Security analysis |
| Year | 2015 |
| Journal | Journal of Systems and Software |
| Publisher | Elsevier |
| ISSN | 01641212 |
| Digital Object Identifier (DOI) | https://doi.org/10.1016/j.jss.2015.04.065 |
| Web address (URL) | http://hdl.handle.net/10545/555820 |
| hdl:10545/555820 | |
| Publication dates | 23 Apr 2015 |
| Publication process dates | |
| Deposited | 26 May 2015, 14:38 |
| Rights | Archived with thanks to Journal of Systems and Software |
| Contributors | University of Derby |
| File | File Access Level Open |
Permalink -
https://repository.derby.ac.uk/item/9225x/automated-analysis-of-security-requirements-through-risk-based-argumentation
Download files
47
total views0
total downloads6
views this month0
downloads this month
Export as
Related outputs
Deep labeller: automatic bounding box generation for synthetic violence detection datasets
Nadeem, M., Kurugollu, F., Saravi, S., Atlam, H. and Franqueira, V. 2023. Deep labeller: automatic bounding box generation for synthetic violence detection datasets. Multimedia Tools and Applications. pp. 1-18. https://doi.org/10.1007/s11042-023-15621-5
Integration and evaluation of QUIC and TCP-BBR in longhaul science data transfers
Lopes, Raul H. C., Franqueira, Virginia N. L. and Duncan, Rand 2019. Integration and evaluation of QUIC and TCP-BBR in longhaul science data transfers. EPJ Web of Conferences. 214, p. 08026. https://doi.org/10.1051/epjconf/201921408026Privacy verification of photoDNA based on machine learning
Nadeem, Muhammad Shahroz, Franqueira, Virginia N. L. and Zhai, Xiaojun 2019. Privacy verification of photoDNA based on machine learning. in: The Institution of Engineering and Technology (IET).Behavioural Digital Forensics Model: Embedding Behavioural Evidence Analysis into the Investigation of Digital Crimes
Al Mutawa, Noora, Bryce, Joanne, Franqueira, Virginia N.L., Marrington, Andrew and Read, Janet C. 2018. Behavioural Digital Forensics Model: Embedding Behavioural Evidence Analysis into the Investigation of Digital Crimes. Digital Investigation. https://doi.org/10.1016/j.diin.2018.12.003Analytical tools for blockchain: review, taxonomy and open challenges.
Balaskas, Anastasios and Franqueira, Virginia N. L. 2018. Analytical tools for blockchain: review, taxonomy and open challenges. IEE Explore. https://doi.org/10.1109/CyberSecPODS.2018.8560672Blockchain-Based Distributed Marketplace.
Kabi, Oliver R. and Franqueira, Virginia N. L. 2019. Blockchain-Based Distributed Marketplace. in: Springer Nature.A survey of deep learning solutions for multimedia visual content analysis.
Nadeem, Muhammad Shahroz, Franqueira, Virginia N. L., Zhai, Xiaojun and Kurugollu, Fatih 2019. A survey of deep learning solutions for multimedia visual content analysis. IEEE Access. https://doi.org/10.1109/ACCESS.2019.DOIA tutorial introduction to IoT design and prototyping with examples.
Meruje, Manuel, Sumaila, Musa, Franqueira, Virginia N. L., Freire, Mario M. and Inacio, Pedro R. M. 2018. A tutorial introduction to IoT design and prototyping with examples. in: Wiley-IEEE Press.Cloud forensics and security
Franqueira, Virginia N. L., Lopes, Raul, Jones, Andrew and Storer, Tim 2017. Cloud forensics and security. SpringerOpen.On Locky ransomware, Al Capone and Brexit
MacRae, John and Franqueira, Virginia N. L. 2018. On Locky ransomware, Al Capone and Brexit. in: Springer.Man-In-The-Middle attacks in Vehicular Ad-Hoc Networks: Evaluating the impact of attackers’ strategies.
Ahmad, F., Adnane, Asma, Franqueira, Virginia N. L., Kurugollu, Fatih and Liu, Lu 2018. Man-In-The-Middle attacks in Vehicular Ad-Hoc Networks: Evaluating the impact of attackers’ strategies. Sensors. 18 (11), p. 4040. https://doi.org/10.3390/s18114040TEAM: A trust evaluation and management framework in context-enabled vehicular ad-hoc networks.
Ahmad, F., Franqueira, Virginia N. L. and Adnane, Asma 2018. TEAM: A trust evaluation and management framework in context-enabled vehicular ad-hoc networks. IEEE Access. https://doi.org/10.1109/ACCESS.2018.2837887Investigation of indecent images of children cases: Challenges and suggestions collected from the trenches.
Franqueira, Virginia N. L., Bryce, Joanne, Al Mutawa, Noora and Marrington, Andrew 2017. Investigation of indecent images of children cases: Challenges and suggestions collected from the trenches. Digital Investigation. https://doi.org/10.1016/j.diin.2017.11.002Parallel Monte Carlo search for Hough Transform.
Lopes, Raul, Franqueira, Virginia N. L., Reid, Ivan D. and Hobson, Peter 2017. Parallel Monte Carlo search for Hough Transform. Journal of Physics: Conference Series. https://doi.org/10.1088/1742-6596/898/7/072052Verifiable public key encryption scheme with equality test in 5G networks
Xu, Yan, Wang, Ming, Zhong, Hong, Cui, Jie, Liu, Lu and Franqueira, Virginia N. L. 2017. Verifiable public key encryption scheme with equality test in 5G networks. IEEE Access. https://doi.org/10.1109/ACCESS.2017.2716971Special issue on cyberharassment investigation: Advances and trends
Bryce, Joanne, Franqueira, Virginia N. L. and Marrington, Andrew 2016. Special issue on cyberharassment investigation: Advances and trends. Journal of Digital Forensics, Security and Law (JDFSL).Faith in vehicles: A set of evaluation criteria for trust management in vehicular ad-hoc network
Ahmad, F., Hall, Jordan, Adnane, Asma and Franqueira, Virginia N. L. 2017. Faith in vehicles: A set of evaluation criteria for trust management in vehicular ad-hoc network. IEEE.Forensically-sound analysis of security risks of using local password managers
Gray, Joshua, Franqueira, Virginia N. L. and Yu, Yijun 2016. Forensically-sound analysis of security risks of using local password managers. IEEE Computer Society. https://doi.org/10.1109/REW.2016.034Forensic investigation of cyberstalking cases using Behavioural Evidence Analysis
Al Mutawa, Noora, Bryce, Joanne, Marrington, Andrew and Franqueira, Virginia N. L. 2016. Forensic investigation of cyberstalking cases using Behavioural Evidence Analysis. Digital Investigation. https://doi.org/10.1016/j.diin.2016.01.012To flip or not to flip: a critical interpretive synthesis of flipped teaching
Franqueira, Virginia N. L. and Tunnicliffe, Peter 2015. To flip or not to flip: a critical interpretive synthesis of flipped teaching. in: Springer International Publishing.Factors influencing digital forensic investigations: Empirical evaluation of 12 years of Dubai police cases
Al Awadhi, Ibtesam, Read, Janet C., Marrington, Andrew and Franqueira, Virginia N. L. 2015. Factors influencing digital forensic investigations: Empirical evaluation of 12 years of Dubai police cases. Journal of Digital Forensics, Security and Law (JDFSL).A systematic approach for cyber security in vehicular networks
Ahmad, F., Adnane, Asma and Franqueira, Virginia N. L. 2016. A systematic approach for cyber security in vehicular networks. Journal of Computer and Communications. https://doi.org/10.4236/jcc.2016.416004Introduction to special issue on risk and trust in embedded critical systems
Rossebø, Judith E. Y., Houmb, Siv H., Georg, Geri, Franqueira, Virginia N. L. and Serpanos, Dimitrios 2014. Introduction to special issue on risk and trust in embedded critical systems. ACM Transactions on Embedded Computing Systems. https://doi.org/10.1145/2659008Efficient computation of hashes
Lopes, Raul, Franqueira, Virginia N. L. and Hobson, Peter 2014. Efficient computation of hashes. Journal of Physics: Conference Series. https://doi.org/10.1088/1742-6596/513/3/032042Behavioural evidence analysis applied to digital forensics: An empirical analysis of child pornography cases using P2P networks
Mutawa, Noora Al, Bryce, Joanne, Franqueira, Virginia N. L. and Marrington, Andrew 2015. Behavioural evidence analysis applied to digital forensics: An empirical analysis of child pornography cases using P2P networks. IEEE Computer Society. https://doi.org/10.1109/ARES.2015.49