Risk and Argument: A Risk-based Argumentation Method for Practical Security


Franqueira, Virginia N.L. and Tun, Thein Tan and Yu, Yijun and Wieringa, Roel and Nuseibeh, Bashar (2011) Risk and Argument: A Risk-based Argumentation Method for Practical Security. In: 19th IEEE International Requirements Engineering Conference, 29 Aug - 02 Sep 2011, Trento, Italy.

open access
Abstract:When showing that a software system meets certain
security requirements, it is often necessary to work with formal and informal descriptions of the system behavior, vulnerabilities, and threats from potential attackers. In earlier work, Haley et al. [1] showed structured argumentation could deal with such mixed descriptions. However, incomplete and uncertain information, and limited resources force practitioners to settle for good-enough security. To deal with these conditions of practice,
we extend the method of Haley et al. with risk assessment.
The proposed method, RISA (RIsk assessment in Security Argumentation), uses public catalogs of security expertise to support the risk assessment, and to guide the security argumentation in identifying rebuttals and mitigations for security requirements satisfaction. We illustrate RISA with a realistic example of PIN Entry Device.
Item Type:Conference or Workshop Item
Electrical Engineering, Mathematics and Computer Science (EEMCS)
Research Group:
Link to this item:http://purl.utwente.nl/publications/77543
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page