Trust Trade-off Analysis for Security Requirements Engineering

Security requirements often have implicit assumptions about trust relationships among actors. The more actors trust each other, the less stringent the security requirements are likely to be. Trust always involves the risk of mistrust; hence, trust implies a trade-off: gaining some benefits from depending on a second party in trade for getting exposed to security and privacy risks. When trust assumptions are implicit, these trust trade-offs are made implicitly and in an ad-hoc way. By taking advantage of agent- and goal-oriented analysis, we propose a method for discovering trade-offs that trust relationships bring. This method aims to help the analyst select among alternative dependency relationships by making explicit trust trade-offs. We propose a simple algorithm for making the trade-offs in a way that reaches a balance between costs and benefits.

[1]  Fabio Massacci,et al.  Security and Trust Requirements Engineering , 2005, FOSAD.

[2]  R. L. Keeney,et al.  Decisions with Multiple Objectives: Preferences and Value Trade-Offs , 1977, IEEE Transactions on Systems, Man, and Cybernetics.

[3]  Axel van Lamsweerde,et al.  Requirements engineering in the year 00: a research perspective , 2000, Proceedings of the 2000 International Conference on Software Engineering. ICSE 2000 the New Millennium.

[4]  Bashar Nuseibeh,et al.  Security Requirements Engineering: A Framework for Representation and Analysis , 2008, IEEE Transactions on Software Engineering.

[5]  Matthias Ehrgott,et al.  Multiple criteria decision analysis: state of the art surveys , 2005 .

[6]  Eric S. K. Yu,et al.  A Goal Oriented Approach for Modeling and Analyzing Security Trade-Offs , 2007, ER.

[7]  Tadayoshi Kohno,et al.  Trust (and mistrust) in secure applications , 2001, CACM.

[8]  Ralph L. Keeney,et al.  Decisions with multiple objectives: preferences and value tradeoffs , 1976 .

[9]  Eric Yu,et al.  Modeling Strategic Relationships for Process Reengineering , 1995, Social Modeling for Requirements Engineering.

[10]  Bashar Nuseibeh,et al.  Using trust assumptions with security requirements , 2005, Requirements Engineering.

[11]  John Mylopoulos,et al.  Non-Functional Requirements in Software Engineering , 2000, International Series in Software Engineering.

[12]  Stephen Marsh,et al.  Trust, Untrust, Distrust and Mistrust - An Exploration of the Dark(er) Side , 2005, iTrust.

[13]  Eric S. K. Yu,et al.  A Qualitative, Interactive Evaluation Procedure for Goal- and Agent-Oriented Models , 2009, CAiSE Forum.

[14]  Ralph L. Keeney,et al.  Book Reviews : Scientific Opportunities and Public Needs: Improv ing Priority Setting and Public Input at the National Institutes of Health. Institute of Medicine. Washington, DC: National Academy Press, 1998, 136 pages, $26.00 , 1998 .

[15]  Eric S. K. Yu,et al.  A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities , 2010, Requirements Engineering.

[16]  Paul Clements,et al.  Software architecture in practice , 1999, SEI series in software engineering.

[17]  Rino Falcone,et al.  Principles of trust for MAS: cognitive anatomy, social importance, and quantification , 1998, Proceedings International Conference on Multi Agent Systems (Cat. No.98EX160).

[18]  Lin Liu,et al.  Modelling Trust for System Design Using the i* Strategic Actors Framework , 2000, Trust in Cyber-societies.

[19]  Julio Cesar Sampaio do Prado Leite,et al.  On Non-Functional Requirements in Software Engineering , 2009, Conceptual Modeling: Foundations and Applications.

[20]  John Mylopoulos,et al.  Security and privacy requirements analysis within a social setting , 2003, Proceedings. 11th IEEE International Requirements Engineering Conference, 2003..

[21]  Daniel E. Geer,et al.  Information security is information risk management , 2001, NSPW '01.

[22]  John Mylopoulos,et al.  Modeling security requirements through ownership, permission and delegation , 2005, 13th IEEE International Conference on Requirements Engineering (RE'05).

[23]  Eric S. K. Yu,et al.  Trade-off Analysis of Identity Management Systems with an Untrusted Identity Provider , 2008, 2008 32nd Annual IEEE International Computer Software and Applications Conference.

[24]  F. B. Vernadat,et al.  Decisions with Multiple Objectives: Preferences and Value Tradeoffs , 1994 .