Automated analysis of security requirements through risk-based argumentation

Journal article


Yu, Yijun, Franqueira, Virginia N. L., Than Tun, Thein, Wieringa, Roel J. and Nuseibeh, Bashar 2015. Automated analysis of security requirements through risk-based argumentation. Journal of Systems and Software. https://doi.org/10.1016/j.jss.2015.04.065
Authors: Yu, Yijun, Franqueira, Virginia N. L., Than Tun, Thein, Wieringa, Roel J. and Nuseibeh, Bashar
Abstract

Computer-based systems are increasingly being exposed to evolving security threats, which often reveal new vulnerabilities. A formal analysis of the evolving threats is difficult due to a number of practical considerations such as incomplete knowledge about the design, limited information about attacks, and constraints on organisational resources. In our earlier work on RISA (RIsk assessment in Security Argumentation), we showed that informal risk assessment can complement the formal analysis of security requirements. In this paper, we integrate the formal and informal assessment of security by proposing a unified meta-model and an automated tool for supporting security argumentation called OpenRISA. Using a uniform representation of risks and arguments, our automated checking of formal arguments can identify relevant risks as rebuttals to those arguments, and identify mitigations from publicly available security catalogues when possible. As a result, security engineers are able to make informed and traceable decisions about the security of their computer-based systems. The application of OpenRISA is illustrated with examples from a PIN Entry Device case study.

Keywords: Structured argumentation; Risk assessment; Security analysis
Year: 2015
Journal: Journal of Systems and Software
Publisher: Elsevier
ISSN: 01641212
Digital Object Identifier (DOI): https://doi.org/10.1016/j.jss.2015.04.065
Web address (URL): http://hdl.handle.net/10545/555820
hdl:10545/555820
Publication dates: 23 Apr 2015
Publication process dates: Deposited 26 May 2015, 14:38
Rights: Archived with thanks to Journal of Systems and Software
Contributors: University of Derby
File Access Level: Open
Permalink: https://repository.derby.ac.uk/item/9225x/automated-analysis-of-security-requirements-through-risk-based-argumentation

