Abstract
Measuring the security of a software system is a difficult problem. This paper presents a model that uses common security concepts to evaluate the security of a system under design. After defining all relevant concepts and formalizing some of them, we specify security requirements for transactions and provide mechanisms to measure the likelihood that these requirements are violated. Our model is based on the individual risks presented by system components. From the security policy and these individual risks, we calculate the violation risk for a given transaction. Context and other risk factors are taken into account and can be used to adjust the final risk figure. As part of our discussion, we address trust and risk and their significance to security engineering. Depending on the decision process, the same trust assumptions may increase or decrease the risk to the system. We model the fact that small individual risks can be transformed into major risks when combined in a complex attack.
Risky trust: risk-based analysis of software systems
Published in SESS '05: Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications.