Cristin-resultat-ID: 1077101
Sist endret: 17. desember 2013, 07:53
NVI-rapporteringsår: 2013
Resultat
Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
2013

The Use and Usefulness of Threats in Goal-Oriented Modelling

Bidragsytere:
  • Per Håkon Meland
  • Erlend Andreas Gjære og
  • Stéphane Paul

Bok

Om resultatet

Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
Publiseringsår: 2013
Sider: 428 - 436
ISBN:
  • 978-0-7695-5008-4

Klassifisering

Fagfelt (NPI)

Fagfelt: Informatikk og datateknikk
- Fagområde: Realfag og teknologi

Beskrivelse Beskrivelse

Tittel

The Use and Usefulness of Threats in Goal-Oriented Modelling

Sammendrag

Both goal and threat modelling are well-known activities related to high-level requirements engineering. While goals express why a system is needed, threats tell us why security for our system is needed. Still, you will often find that goals and threats are treated in separate modelling processes, perhaps not being influenced by each other at all. The research question we try to address in here is to what extent should we include threats in goal-oriented modelling? There is for instance a trade-off between expressiveness, usability and usefulness that must be considered. To improve this situation we believe that a well-defined methodology with good tool support will make the modelling process easier, and give a more useful result. In this paper we first give an overview of previous work on the use of threats within goal-modelling. We explain the use of threats within a goal-oriented socio-technical security modelling language and how tool support enables reuse of threats and automatic analysis of threat propagation in the models. This is exemplified with a case study from Air Traffic Management (ATM) from which we extract some of the the practical challenges that we have. We are able to conclude that threats provide a useful foundation and justification for the security requirements we derive from goal modelling, but this should not be considered to be a replacement for risk assessment methods. Having goals and threats before thinking of the technical solutions of a system allows us to raise awareness on situations that are not just exceptions from regular execution flow.

Bidragsytere

Per Håkon Meland

  • Tilknyttet:
    Forfatter
    ved Software Engineering, Safety and Security ved SINTEF AS

Erlend Andreas Gjære

  • Tilknyttet:
    Forfatter
    ved Software Engineering, Safety and Security ved SINTEF AS

Stéphane Paul

  • Tilknyttet:
    Forfatter
    ved Frankrike
1 - 3 av 3

Resultatet er en del av Resultatet er en del av

1 - 1 av 1