A goal oriented approach for modeling and analyzing security trade-offs

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4801 LNCS, Issue , 2007, Pages 375-390

  Elahi, Golnaz ^a   Yu, Eric ^a  

^a UNIVERSITY OF TORONTO   (Canada)

Author keywords

Goal model evaluation; Goal modeling; Security trade offs; Trade off analysis

Indexed keywords

COMPUTER SYSTEM FIREWALLS; CRYPTOGRAPHY; MATHEMATICAL MODELS; SOFTWARE DESIGN;

GOAL MODEL EVALUATION; GOAL MODELING; SECURITY TRADE-OFFS; TRADE-OFF ANALYSIS;

SECURITY OF DATA;

EID: 38349123642     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-75563-0_26     Document Type: Conference Paper

References (31)

1. Dardenne, A., van Lamsweerde, A., Fickas, S.: Goal-Directed Requirements Acquisition. The Science of Computer Programming 20, 3-50 (1993)
2. Castro, J., Kolp, M., Mylopoulos, J.: A requirements-driven development methodology, In Proc. of the 13th Int. Conf. on Advanced Information Systems Engineering, CAiSE'Ol. In: Dittrich, K.R., Geppert, A., Norrie, M.C. (eds.) CAiSE 2001. LNCS, vol. 2068, pp. 108-123. Springer, Heidelberg (2001)
3. Liu, L., Yu, E., Mylopoulos, J.: Analyzing Security Requirements as Relationships among Strategic Actors. In: 2nd Symp. on Requirements Engineering for Information Security (SREIS) (2002)
4. Anderson, R.: Security Engineering: a guide to Building dependable Distributed systems. John Wiley and Sons, Chichester (2001)
5. Liu, L., Yu, E., Mylopoulos, J.: Security and Privacy Requirements Analysis within a Social Setting. In: IEEE Joint Int. Conf. on Requirements Engineering, pp. 151-161. IEEE Computer Society Press, Los Alamitos (2003)
6. Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Modeling Security Requirements through Ownership, Permission and Delegation. In: 13th IEEE Int. Requirements Engineering Conf, pp. 167-176. IEEE Computer Society Press, Los Alamitos (2005)
7. Yu, E.: Modeling Strategic Relationships for Process Reengineering, PhD thesis, Department of Computer Science, University of Toronto, Canada (1995)
8. Yu, E.: Towards Modelling and Reasoning Support for Early-Phase Requirements Engineering. In: Proc. of the 3rd IEEE Int. Symp. on Requirements Engineering, pp. 226-235 (1997)
9. Szolovits, P., Doyle, J., Long, W.J.: Guardian Angel: Patient-Centered Health Information Systems: MIT/LCS/TR-604, Available at: http://www.ga.org/ga
10. Chung, L., Nixon, B.A., Yu, E., Mylopoulos, J.: Non-Functional Requirements in Software Engineering. Kluwer Academic Publishing, Dordrecht (2000)
11. Bass, L., Clements, P., Kazman, R.: Software Architecture in Practice, 2nd edn. Addison Wesley, London, UK (2003)
12. Horkoff, J.: Using i* Models for Evaluation, Masters Thesis, University of Toronto, Department of Computer Science (2006)
13. Pfleeger, C.P., Pfleeger, S.L.: Security in Computing, 3rd edn. Prentice-Hall, Englewood Cliffs (2002)
14. McDermott, J., Fox, C.: Using Abuse Case Models for Security Requirements Analysis. In: McDermott, J., Fox, C. (eds.) Proc. 15th. IEEE Annual Computer Security Applications Conf., pp. 55-64. IEEE Computer Society Press, Los Alamitos (1999)
15. Jürjens, J.: Secure Systems Development with UML. Springer Academic Publishers, Germany (2004)
16. Bresciani, P., Giorgini, P., Mouratidis, H.: On Security Requirements Analysis for Multi-Agent Systems. In: Lucena, C., Garcia, A., Romanovsky, A., Castro, J., Alencar, P.S.C. (eds.) Software Engineering for Multi-Agent Systems II. LNCS, vol. 2940, pp. 35-48. Springer, Heidelberg (2004)
17. Mouratidis, H., Giorgini, P., Manso, G., Philp, I.: A Natural Extension of Tropos Methodology for Modelling Security. In: Proc. of the Workshop on Agent-oriented methodologies, at OOPSLA, pp. 91-103 (2002)
18. Mouratidis, H., Giorgini, P.: Manso, Modelling Secure Multiagent Systems. In: the 2nd Int. Conf. on Autonomous Agents and Multiagent Systems, pp. 859-866 (2003)
19. Granee, T., Stevens, M., Myers, M.: Guide to Selecting Information Technology Security Products, Recommendations of the National Institute of Standards and Technology, NIST Special Publication 800-836 (2003)
20. Haley, C.B., Moffett, J.D., Laney, R., Nuseibeh, B.: A framework for security requirements engineering. In: Software Engineering for Secure Systems Workshop (SESS'06), pp. 35-42 (2006)
21. Houmb, S.H., Georg, G., Jürjens, J., France, R.: An Integrated Security Verification and Security Solution Design Trade-off Analysis. In: Integrating Security and Software Engineering: Advances and Future Visions, pp. 190-219. IDEA Group Publishing, USA (2007)
22. Johnson, P., Lagerstrom, R., Norman, P., Simonsson, M.: Extended Influence Diagrams for Enterprise Architecture Analysis. In: Enterprise Distributed Object Computing Conference, EDOC '06. 10th IEEE Int., pp. 3-12. IEEE Computer Society Press, Los Alamitos (2006)
23. Moffett, J.D., Haley, C.B., Nuseibeh, B.: Core Security Requirements Artefacts, Department of Computing, The Open University, Milton Keynes UK, Technical Report 2004/23 (2004)
24. Mayer, N., Rifaut, A., Dubois, E.: Towards a Risk-Based Security Requirements Engineering Framework, 11th Int. Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ'05) (2005)
25. Sandhu, R.: Good-Enough Security: Toward a Pragmatic Business-Driven Discipline," IEEE Internet Computing, Vol. IEEE Internet Computing 07(1), 66-68 (2003)
26. US-CERT Vulnerability Notes Database, United States Computer Emergency Readiness Team, http://www.kb.cert.org/vuls
27. Houmb, S.H., Georg, G.: The Aspect-Oriented Risk-Driven Development (AORDD) Framework. In: Proc. of the Int. Conf. on Software Development (SWDC.REX), pp. 81-91 (2005)
28. Elahi, G., Yu, E.: A Goal Oriented Approach for Modeling and Analyzing Security Trade-Offs, Technical Report, University of Toronto, Department of Computer Science, Available (2007), at http://istar.rwth-aachen.de/tike-index. php?page=Security+Requirements+Engineering
29. Sasse, M.A.: Computer Security: Anatomy of a Usability Disaster, and a Plan for Recovery, Workshop on Human-Computer Interaction and Security Systems, CHI 2003, Fort Lauderdale (2003)
30. De Witt, A.J., Kuljis, J.: Aligning Usability And Security-A Usability Study Of Polaris. In: Proc. of the Symp. On Usable Privacy and Security (2006)
31. Susi, A., Perini, A., Mylopoulos, J.: The Tropos Metamodel and its Use. Informatica 29, 401-408 (2005)