A Prototype Tool for Modeling and Analyzing Security Requirements from A Holistic Viewpoint
نویسندگان
چکیده
Security breaches in large socio-technical systems cost billions. Many breaches can be attributed to the piecemeal security design, leaving parts of the system vulnerable while others are over-protected. We advocate holistic security design, and have introduced techniques to support security analysis across multiple layers. This paper presents MUSER, a prototype that assists security requirements analysts dealing with security requirements from a holistic viewpoint based on a three-layer framework. Our prototype analyzes security requirements and related security mechanisms in business layer, application layer, and physical layer. The prototype captures the influences of security mechanisms, which one layer enforces on the other layers, and supports deriving holistic security solutions that tackle security concerns in all layers. We demonstrate the usage of MUSER via a smart grid scenario. Keyword: Security Requirements ̈ Goal Model ̈ Multilayer ̈ SocioTechnical System ̈ Demo Tool
منابع مشابه
Private Key based query on encrypted data
Nowadays, users of information systems have inclination to use a central server to decrease data transferring and maintenance costs. Since such a system is not so trustworthy, users' data usually upkeeps encrypted. However, encryption is not a nostrum for security problems and cannot guarantee the data security. In other words, there are some techniques that can endanger security of encrypted d...
متن کاملModeling a semantic recommender system for medical prescriptions and drug interaction detection
Introduction: The administration of appropriate drugs to patients is one of the most important processes of treatment and requires careful decision-making based-on the current conditions of the patient and its history and symptoms. In many cases, patients may require more than one drug, or in addition to having a previous illness and receiving the drug, they need new drugs for the new illness, ...
متن کاملInvitation Oral Defense of Doctoral
Automatic Dependent Surveillance-Broadcast (ADS-B) is an emerging software-defined radar technology that is supposed to replace current standards and is part of the Next Generation Transportation Systems (NextGen) in the US. In spite of its several benefits, this technology has been widely cited for being designed without security in mind, making it vulnerable to numerous attacks. Most approach...
متن کاملHolistic Security Requirements Engineering for Socio-Technical Systems
Security has been a growing concern for large organizations, especially financial and governmental institutions, as security breaches in the systems they depend have repeatedly resulted in losses of billions per year, and this cost is on the rise. A primary reason for these breaches is the “socio-technical” nature of today’s systems that consist of an amalgam of social and human actors, process...
متن کاملST-Tool: A CASE Tool for Modeling and Analyzing Trust Requirements
ST-Tool is a graphical tool integrating an agent-oriented requirements engineering methodology with tools for the formal analysis of models. Essentially, the tool allows designers to draw visual models representing functional, security and trust requirements of systems and, then, to verify formally and automatically their correctness and consistency through different model-checkers.
متن کامل