Goal-Oriented Security Trade-Off Modeling and Analysis with Knowledge Support

In designing software systems, security is typically only one design objective among many, which may compete with other objectives such as privacy and usability. Too often, security mechanisms are adopted without explicit recognition of competing design objectives and their origins in stakeholder interests. Ultimately, security is about balancing the trade-offs among the competing goals of multiple actors. However, software developers and designers are not security or privacy specialists, thus a major obstacle towards secure systems development is the lack of an easy-to-use body of knowledge for making trade-offs and decisions. This PhD research focuses on a goal-oriented approach for modeling and analyzing security trade-offs and incorporating them into the requirements analysis and architecture design. Goal orientation is also used to structure knowledge to assist designers in making security trade-offs.