Abstract | ||
---|---|---|
Security has been a growing concern for large organizations, especially financial and governmental institutions, as security breaches in the systems they depend on have repeatedly resulted in billions of dollars in losses per year, and this cost is on the rise. A primary reason for these breaches is that the systems in question are “socio-technical”: a mix of people, processes, technology, and infrastructure. However, such systems are designed in a piecemeal rather than a holistic fashion, leaving parts of the system vulnerable. To tackle this problem, we propose a three-layer security analysis framework consisting of a social layer (business processes, social actors), a software layer (software applications that support the social layer), and an infrastructure layer (physical and technological infrastructure). In our proposal, global security requirements lead to local security requirements, cutting across conceptual layers, and upper-layer security analysis influences analysis at lower layers. Moreover, we propose a set of analytical methods and a systematic process that together drive security requirements analysis across the three layers. To support analysis, we have defined corresponding inference rules that (semi-)automate the analysis, helping to deal with system complexity. A prototype tool has been implemented to support analysts throughout the analysis process. Moreover, we have performed a case study on a real-world smart grid scenario to validate our approach. |
Year | DOI | Venue |
---|---|---|
2018 | 10.1007/s10270-016-0560-y | Software and System Modeling |
Keywords | Field | DocType |
Security requirements, Goal model, Enterprise architecture, Socio-technical system, Security pattern | Security convergence, Security testing, Systems engineering, Security engineering, Computer science, Software security assurance, Security service, Cloud computing security, Security information and event management, Computer security model | Journal |
Volume | Issue | ISSN |
17 | 4 | 1619-1374 |
Citations | PageRank | References |
1 | 0.34 | 44 |
Authors | ||
3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Tong Li | 1 | 148 | 30.10 |
Jennifer Horkoff | 2 | 888 | 69.90 |
John Mylopoulos | 3 | 10956 | 1569.74 |