Computer Aided Threat Identification

Recently, there has been an increase in reported security threats hitting organizations. Some of them originate from the assignment of inappropriate permissions on sensitive organizational data to users. It is therefore crucial for organizations to recognize as early as possible the risks deriving from inappropriate access right management and to identify the solutions they need to prevent such risks. In this paper, we propose a framework to identify threats during the requirements analysis of organizations' IT systems. With respect to other works that have attempted to include security analysis in the requirements engineering process (e.g., KAOS, Elahi et al., Asnar et al.), our framework does not rely on the level of expertise of the security analyst to detect threats, but automatically identifies threats that derive from inappropriate access management. To capture the organization's setting and the system stakeholders' requirements, we adopt SI* [1], a requirements engineering framework founded on the concepts of actors, goals, tasks and resources. Our framework extends SI* with a reasoning technique that identifies potential security threats to resources and to the goals that depend on them. The reasoning is based on Answer Set Programming (ASP) logic rules that take into account the relationships between resources and the delegation-of-permission relations between actors. We illustrate the framework using an eHealth scenario.
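The abstract gives the shape of the reasoning (Horn-style rules over ownership, delegation of permission and relationships between resources) but not the rules themselves. The following is an added, self-contained Python illustration of that kind of reasoning, not the paper's ASP program or the SI* tool: it computes the least model of a handful of ASP-like rules by naive fixpoint iteration and derives two threat kinds from it. All predicate names (owns, delegate_perm, part_of, requires, needs, has_perm), the two threat rules, and the eHealth facts are assumptions constructed for the example; they follow the vocabulary of the abstract only loosely.

```python
"""Datalog-style fixpoint over SI*-like facts to flag access-management threats.

Added example, not the paper's code. Rule bodies are shown as ASP in docstrings;
the Python below computes the same least model by iterating to a fixpoint.
"""

# --- Constructed eHealth facts (assumed names; not the paper's model) -----------
OWNS = {("hospital", "patient_record")}            # (actor, resource)
DELEGATE_PERM = {                                   # (delegator, delegatee, resource)
    ("hospital", "doctor", "patient_record"),
    ("doctor", "secretary", "patient_record"),
    ("nurse", "secretary", "clinical_data"),        # the nurse never held this permission
}
PART_OF = {                                         # (part, whole): permission on the whole covers the part
    ("clinical_data", "patient_record"),
    ("billing_data", "patient_record"),
}
REQUIRES = {                                        # (actor, resource) needed to fulfil the actor's goals
    ("hospital", "patient_record"),
    ("doctor", "clinical_data"),
    ("secretary", "billing_data"),
}


def fixpoint(seed, step):
    """Apply `step` until it yields no new fact: the least model of a set of Horn rules."""
    facts = set(seed)
    while True:
        derived = step(facts)
        if derived <= facts:
            return facts
        facts |= derived


def derive_permissions(owns, delegate_perm, part_of):
    """has_perm(A,R) :- owns(A,R).
       has_perm(B,R) :- has_perm(A,R), delegate_perm(A,B,R).
       has_perm(A,S) :- has_perm(A,W), part_of(S,W)."""
    def step(has_perm):
        derived = set()
        for a, r in has_perm:
            # a delegation is only effective if the delegator actually holds the permission
            derived |= {(b, r) for (src, b, res) in delegate_perm if src == a and res == r}
            # permission on a whole resource transitively covers each of its parts
            derived |= {(a, s) for (s, w) in part_of if w == r}
        return derived
    return fixpoint(owns, step)


def derive_needs(requires, part_of):
    """needs(A,R) :- requires(A,R).
       needs(A,S) :- needs(A,W), part_of(S,W)."""
    def step(needs):
        return {(a, s) for (a, w) in needs for (s, w2) in part_of if w2 == w}
    return fixpoint(requires, step)


def find_threats(owns, delegate_perm, part_of, requires):
    """Return the sorted set of threat atoms derived from the facts."""
    has_perm = derive_permissions(owns, delegate_perm, part_of)
    needs = derive_needs(requires, part_of)
    wholes = {w for (_, w) in part_of}               # resources that have parts
    threats = set()
    # threat(over_entitled,A,R) :- has_perm(A,R), not needs(A,R), atomic(R).
    # Checked on atomic resources only: holding a container is tolerated here as
    # long as the actor needs some part of it (an assumption of this example).
    for a, r in has_perm:
        if r not in wholes and (a, r) not in needs:
            threats.add(("over_entitled", a, r))
    # threat(invalid_delegation,A,B,R) :- delegate_perm(A,B,R), not has_perm(A,R).
    for a, b, r in delegate_perm:
        if (a, r) not in has_perm:
            threats.add(("invalid_delegation", a, b, r))
    return sorted(threats)


if __name__ == "__main__":
    for threat in find_threats(OWNS, DELEGATE_PERM, PART_OF, REQUIRES):
        print(*threat)
```

On the constructed facts the secretary ends up with permission on clinical_data through the chain hospital to doctor to secretary plus the part-of rule, although the secretary's goals only need billing_data; the doctor likewise inherits billing_data without needing it; and the nurse's delegation is flagged because the nurse never held the permission being delegated. Negation ("not needs", "not has_perm") is applied only after the positive rules have reached their fixpoint, which is what makes the naive iteration sound for these stratified rules.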

[1] Paolo Giorgini et al. Secure and dependable patterns in organizations: an empirical approach. 15th IEEE International Requirements Engineering Conference (RE 2007), 2007.

[2] John Mylopoulos et al. Security and privacy requirements analysis within a social setting. Proceedings of the 11th IEEE International Requirements Engineering Conference, 2003.

[3] John Mylopoulos et al. Goal-driven risk assessment in requirements engineering. Requirements Engineering, 2011.

[4] John Mylopoulos et al. Modeling security requirements through ownership, permission and delegation. 13th IEEE International Conference on Requirements Engineering (RE'05), 2005.

[5] Eric S. K. Yu et al. A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities. Requirements Engineering, 2010.

[6] Lin Liu et al. Service Security Analysis Based on i*: An Approach from the Attacker Viewpoint. 2010 IEEE 34th Annual Computer Software and Applications Conference Workshops, 2010.

[7] Ketil Stølen et al. Model-Driven Risk Analysis - The CORAS Approach. 2010.

[8] Nicolas Mayer et al. Design of a Modelling Language for Information System Security Risk Management. RCIS, 2007.

[9] Eric Yu et al. Modeling Strategic Relationships for Process Reengineering. Social Modeling for Requirements Engineering, 1995.

[10] Axel van Lamsweerde et al. Handling Obstacles in Goal-Oriented Requirements Engineering. IEEE Transactions on Software Engineering, 2000.

[11] Bart De Win et al. Transforming Security Requirements into Architecture. 2008 Third International Conference on Availability, Reliability and Security, 2008.

[12] Axel van Lamsweerde et al. Elaborating security requirements by construction of intentional anti-models. Proceedings of the 26th International Conference on Software Engineering, 2004.

[13] John Mylopoulos et al. Security Requirements Engineering: The SI* Modeling Language and the Secure Tropos Methodology. Advances in Intelligent Information Systems, 2010.