Holistic security requirements analysis for socio-technical systems

Security has been a growing concern for large organizations, especially financial and governmental institutions, as security breaches in the systems they depend on have repeatedly resulted in billions of dollars in losses per year, and this cost is on the rise. A primary reason for these breaches is that the systems in question are "socio-technical": a mix of people, processes, technology, and infrastructure. However, such systems are designed in a piecemeal rather than a holistic fashion, leaving parts of the system vulnerable. To tackle this problem, we propose a three-layer security analysis framework consisting of a social layer (business processes, social actors), a software layer (software applications that support the social layer), and an infrastructure layer (physical and technological infrastructure). In our proposal, global security requirements lead to local security requirements that cut across conceptual layers, and security analysis at an upper layer influences the analysis at the layers below it. Moreover, we propose a set of analytical methods and a systematic process that together drive security requirements analysis across the three layers. To support analysis, we have defined corresponding inference rules that (semi-)automate the analysis, helping to deal with system complexity. A prototype tool has been implemented to support analysts throughout the analysis process. Moreover, we have performed a case study on a real-world smart grid scenario to validate our approach.
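The following is an added illustration (not code from the paper or its prototype tool) of how a global requirement at the social layer can be refined into local requirements at the software and infrastructure layers. The asset names, the single propagation rule `req(P, A) & supports(B, A) -> req(P, B)`, and the set of already-chosen mechanisms are all assumptions constructed for the example.

```python
"""Cross-layer propagation of security requirements (social -> software -> infrastructure).
Hypothetical example: the model, the inference rule and the mechanisms are assumptions,
not the paper's actual rule set."""
from collections import deque

# Constructed three-layer model: asset -> (layer, lower-layer assets that support it)
ASSETS = {
    "bill_customer": ("social", {"billing_app"}),          # business process
    "billing_app":   ("software", {"db_server", "lan"}),   # supporting application
    "db_server":     ("infrastructure", set()),
    "lan":           ("infrastructure", set()),
}

# Constructed global security requirements, stated only at the social layer
GLOBAL_REQS = {("confidentiality", "bill_customer"), ("integrity", "bill_customer")}

# Constructed mechanisms already decided at lower layers: (property, asset) each one satisfies
MECHANISMS = {
    ("confidentiality", "billing_app"),
    ("confidentiality", "db_server"), ("integrity", "db_server"),
    ("confidentiality", "lan"), ("integrity", "lan"),
}


def layer_of(asset):
    """Return the conceptual layer an asset belongs to."""
    return ASSETS[asset][0]


def propagate(global_reqs):
    """Derive local requirements with the assumed rule:
    req(P, A) & supports(B, A) -> req(P, B), applied to a fixpoint."""
    derived = set(global_reqs)
    queue = deque(global_reqs)
    while queue:
        prop, asset = queue.popleft()
        for supporter in ASSETS[asset][1]:
            req = (prop, supporter)
            if req not in derived:        # only enqueue new facts, so the loop terminates
                derived.add(req)
                queue.append(req)
    return derived


def uncovered(reqs, mechanisms):
    """Lower-layer requirements with no mechanism at their own layer: the gaps an
    analyst must still address before the upper-layer requirement can be considered met."""
    return sorted(r for r in reqs if layer_of(r[1]) != "social" and r not in mechanisms)


if __name__ == "__main__":
    local = propagate(GLOBAL_REQS)
    print("derived:", sorted(local))
    print("uncovered:", uncovered(local, MECHANISMS))
```

In this constructed model the integrity requirement on `bill_customer` is inherited by `billing_app`, where no mechanism covers it, so the analysis reports that gap at the software layer.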
