Risk-aware decision support with constrained goal models

Purpose: The selection of security configurations for complex information systems is a cumbersome process. Decision-making regarding the choice of security countermeasures has to take into consideration a multitude of, often conflicting, functional and non-functional system goals. Therefore, a structured method to support crucial security decisions during a system's design, one that can take account of risk whilst providing feedback on the optimal decisions within specific scenarios, would be valuable.

Design/methodology/approach: Secure Tropos is a well-established security requirements engineering methodology, but it has no concept of Risk, whilst Constrained Goal Models are an existing method to support relevant automated reasoning tasks. Hence we bridge these methods by extending Secure Tropos to incorporate the concept of Risk, so that the elicitation and analysis of security requirements can be complemented by a systematic risk assessment process during a system's design time, and by supporting the reasoning regarding the selection of optimal security configurations with respect to multiple system objectives and constraints via constrained goal models.

Findings: As a means of conceptual evaluation, to give an idea of the applicability of the approach and to check whether alterations may be desirable, a case study of its application to an e-government information system is presented. The proposed approach is able to generate security mechanism configurations for the multiple optimisation scenarios that are provided, whilst there are limitations in terms of a natural trade-off against the level of risk assessment information that is required to be elicited.

Originality/value: The proposed approach adds value through its flexibility in permitting the consideration of different optimisation scenarios, by prioritising different system goals, and through its automated reasoning support.
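The following is an added toy illustration, not code from the paper or its tooling (the paper's reasoning is done with constrained goal models and an OMT solver; here a brute-force enumeration stands in for the solver). It assumes a constructed set of security mechanisms, each with a cost and a mitigation factor per threat, risk defined as likelihood times impact, security constraints requiring every threat to be covered within a budget, and lexicographic multi-objective optimisation whose objective order changes per scenario:

```python
from itertools import product

# Constructed sample for a hypothetical e-government service (not from the paper).
MECHANISMS = {
    "tls":   {"cost": 2, "mitigates": {"eavesdrop": 0.9}},
    "mfa":   {"cost": 4, "mitigates": {"cred_theft": 0.8}},
    "waf":   {"cost": 3, "mitigates": {"injection": 0.7}},
    "audit": {"cost": 1, "mitigates": {"cred_theft": 0.3, "injection": 0.2}},
}
# Threat -> (likelihood in [0,1], impact on a 1..5 scale); risk = likelihood * impact.
THREATS = {"eavesdrop": (0.6, 4), "cred_theft": (0.5, 5), "injection": (0.7, 3)}
BUDGET = 8  # security constraint: total mechanism cost must not exceed this

def residual_risk(selected):
    """Sum of per-threat risk remaining after the selected mechanisms are applied."""
    total = 0.0
    for threat, (likelihood, impact) in THREATS.items():
        remaining = 1.0
        for m in selected:  # independent mitigations multiply the remaining exposure
            remaining *= 1 - MECHANISMS[m]["mitigates"].get(threat, 0.0)
        total += likelihood * impact * remaining
    return total

def cost(selected):
    return sum(MECHANISMS[m]["cost"] for m in selected)

def satisfies_constraints(selected):
    """Every threat must be addressed by at least one mechanism, within budget."""
    covered = {t for m in selected for t in MECHANISMS[m]["mitigates"]}
    return covered >= set(THREATS) and cost(selected) <= BUDGET

def optimise(priority):
    """Lexicographic minimisation: priority is an ordered tuple of objective
    names, e.g. ("risk", "cost") minimises risk first and breaks ties on cost."""
    objectives = {"risk": residual_risk, "cost": cost}
    best = None
    for bits in product([False, True], repeat=len(MECHANISMS)):
        config = tuple(m for m, on in zip(MECHANISMS, bits) if on)
        if not satisfies_constraints(config):
            continue
        key = tuple(round(objectives[o](config), 6) for o in priority)
        if best is None or key < best[0]:
            best = (key, config)
    return best[1] if best else None

if __name__ == "__main__":
    for scenario in (("risk", "cost"), ("cost", "risk")):
        chosen = optimise(scenario)
        print(scenario, chosen, round(residual_risk(chosen), 3), cost(chosen))
```

Running the two scenarios shows the trade-off the approach is meant to expose: prioritising risk selects the costlier configuration with MFA, prioritising cost selects the minimal covering set with higher residual risk.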
