Decision Support for Choice of Security Solution: The Aspect-Oriented Risk Driven Development (AORDD) Framework
Abstract
Security-critical systems development needs to integrate both project and product risk assessment into the development process. Such systems need to balance time-to-market constraints, cost demands, and functional requirements, as well as security requirements. This advocates the use of techniques that support cost-effective and risk-driven development. The aspect-oriented risk-driven development (AORDD) framework combines risk-driven development (RDD) with aspect-oriented modeling (AOM). Development is incremental, iterative, and risk-driven, and each development cycle ends with a combined project and product risk assessment. The result of the assessment is a list of project and product risks in need of treatment. Cost-effective treatment of risks is handled by the AORDD cost-benefit trade-off analysis. The paper focuses on product risks, and in particular security risks, and provides an overview of the AORDD framework and the AORDD cost-benefit trade-off analysis.
Similar resources
Decision Support for Choice of Security Solution
In security assessment and management there is no single correct solution to the identified security problems or challenges. Instead there are only choices and tradeoffs. The main reason for this is that modern information systems and security critical information systems in particular must perform at the contracted or expected security level, make effective use of available resources and meet end...
Extending Security Requirement Patterns to Support Aspect-Oriented Risk-Driven Development
This paper presents a pattern representation of security concern solutions and their interactions that support aspect-oriented risk-driven development (AORDD). Security concern solutions are specified early in the development process, using UML as a rigorous notation for sets of patterns. A profile consisting of stereotypes and tagged values supports security concern requirement traceability th...
Combining Disparate Information Sources when Quantifying Operational Security
Quantitative estimation of security attributes makes it possible to do cost-effective development of security critical systems. By predicting the impact and cost of potential misuses, as well as the cost and effect of security treatment strategies, one can treat security risks at the right time for the correct cost. The Aspect-Oriented Risk-Driven Development (AORDD) framework supports cost-eff...
Predicting Availability of Systems using BBN in Aspect-Oriented Risk-Driven Development (AORDD)
Existing security standards target qualitative evaluation of the security level of a system against a set of predefined levels. When doing trade-offs between treatment strategies, we need to supplement the qualitative evaluation with quantitative estimates of operational security. Quantitative evaluation, such as probabilistic analysis, is frequently used within the dependability domain. To est...
A Model-Driven Decision Support System for Software Cost Estimation (Case Study: Projects in NASA60 Dataset)
Estimating the costs of software development is one of the most important activities in software project management. Inaccuracies in such estimates may cause irreparable loss. A low estimate of the cost of projects will result in failure to deliver on time and indicates the inefficiency of the software development team. On the other hand, high estimates of resources and costs for a project wil...