Abstract
In designing software systems, security is typically only one design objective among many. It may compete with other objectives such as functionality, usability, and performance. Too often, security mechanisms such as firewalls, access control, or encryption are adopted without explicit recognition of the competing design objectives and of their origins in stakeholder interests. Recently there has been increasing acknowledgement that security is ultimately about trade-offs: given the competing demands from many parties, one can only aim for "good enough" security. In this paper, we examine how conceptual modeling can provide explicit and systematic support for analyzing security trade-offs. After considering the desirable criteria for conceptual modeling methods, we examine several existing approaches for dealing with security trade-offs. From an analysis of the limitations of existing methods, we propose an extension to the i* framework for security trade-off analysis, taking advantage of its multi-agent and goal orientation. The method was applied to several case studies used to exemplify existing approaches.
© 2007 Springer-Verlag Berlin Heidelberg
Elahi, G., Yu, E. (2007). A Goal Oriented Approach for Modeling and Analyzing Security Trade-Offs. In: Parent, C., Schewe, KD., Storey, V.C., Thalheim, B. (eds) Conceptual Modeling - ER 2007. ER 2007. Lecture Notes in Computer Science, vol 4801. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75563-0_26
DOI: https://doi.org/10.1007/978-3-540-75563-0_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75562-3
Online ISBN: 978-3-540-75563-0