Goal-driven risk assessment in requirements engineering

Risk analysis is traditionally considered a critical activity across the whole software system’s lifecycle. Risks are identified by considering technical aspects (e.g., failures of the system, unavailability of services, etc.) and handled by suitable countermeasures through a refined design. This, however, introduces the problem of reconsidering system requirements. In this paper, we propose a goal-oriented approach for analyzing risks during the requirements analysis phase. Risks are analyzed along with stakeholder interests, and countermeasures are then identified and introduced as part of the system’s requirements. This work extends the Tropos goal modeling formal framework by proposing new concepts, qualitative reasoning techniques, and methodological procedures. The approach is based on a conceptual framework composed of three main layers: assets, events, and treatments. We use the “loan origination process” case study to illustrate the proposal, and we present and discuss experimental results obtained from the case study.
