Secure—I*: Engineering Secure Software Systems through Social Analysis
Received: July 08, 2008  Revised: July 08, 2009
Lin Liu,Eric Yu,John Mylopoulos. Secure—I*: Engineering Secure Software Systems through Social Analysis. International Journal of Software and Informatics, 2009,3(1):89~120
Fund:This work is sponsored by the NSF China (No. 60873064), the National (863) High Technology Research and Development Program of China (Nos. 2006AA01Z155, 2007AA01Z122) and National Key Research and Development (973) Program of China (No. 2009CB320706).
Abstract: Engineering secure software systems requires a thorough understanding of the social setting within which the system-to-be will eventually operate. To obtain such an understanding, one needs to identify the players involved in the system's operation, and to recognize their personal preferences, agendas and powers in relation to other players. The analysis also needs to identify the assets that need to be protected, as well as the vulnerabilities that lead to system failures when attacked. Equally important, the analyst needs to take rational steps to predict the most likely attackers, knowing their possible motivations and the capabilities enabled by the latest technologies and available resources. Only an integrated social analysis of both sides (attackers and protectors) can reveal the full space of tradeoffs among which the analyst must choose. Unfortunately, current system development practices treat design decisions on security in an ad hoc way, often as an afterthought. This paper introduces a methodological framework based on i* for dealing with security and privacy requirements, namely Secure-i*. The framework supports a set of analysis techniques. In particular, attacker analysis helps identify potential system abusers and their malicious intents. Dependency vulnerability analysis helps detect vulnerabilities in terms of the organizational relationships among stakeholders. Countermeasure analysis supports the dynamic decision-making process of defensive system players in addressing vulnerabilities and threats. Finally, access control analysis bridges the gap between security requirement models and security implementation models. The framework is illustrated with an example involving security and privacy concerns in the design of electronic health information systems. In addition, we discuss model evaluation techniques, including qualitative goal model analysis and property verification techniques based on model checking.
Keywords: security; requirements analysis; social networks; actor model
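The abstract names three of the framework's analyses (dependency vulnerability analysis, countermeasure analysis and access control analysis) without showing how they operate on an i* model. The following is an added example written for this page; it is not code from the paper, and the paper describes no tool with this API. The actors and dependencies form a constructed, simplified electronic health record setting, and the propagation rule (an actor under attacker control puts every dependency on it at risk, and a depender whose dependency is at risk can in turn no longer be relied on by its own dependers) is an assumed simplification of the paper's dependency vulnerability analysis. The mapping from resource dependencies to read permissions is likewise an assumption about how access control analysis could bridge to an implementation model.

```python
"""Dependency vulnerability analysis over a small i* strategic dependency model.

Added example for this page; not code from the Secure-i* paper. The model
below is constructed, and the propagation and permission-derivation rules are
assumed simplifications of the analyses the abstract names.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Dependency:
    """One strategic dependency: `depender` relies on `dependee` for `dependum`."""
    depender: str
    dependee: str
    dependum: str
    kind: str  # i* dependum types: "goal", "task", "resource" or "softgoal"


# Constructed model (assumption): a hospital information system and its partners.
MODEL = [
    Dependency("Patient", "Physician", "Treatment provided", "goal"),
    Dependency("Patient", "Hospital IS", "Records kept confidential", "softgoal"),
    Dependency("Physician", "Hospital IS", "Patient record", "resource"),
    Dependency("Physician", "Lab", "Test results", "resource"),
    Dependency("Hospital IS", "Cloud Provider", "Record storage", "task"),
    Dependency("Hospital IS", "IdP", "User authenticated", "goal"),
    Dependency("Insurer", "Hospital IS", "Claim data", "resource"),
]


def affected_by_compromise(model, compromised):
    """Map each depender to the dependums at risk if `compromised` is attacker-controlled.

    Breadth-first walk along dependency links: every dependency whose dependee is
    compromised (or transitively weakened) is marked, and the depender joins the
    frontier because it can no longer reliably serve its own dependers. The
    `seen` set keeps cyclic dependency chains from looping forever.
    """
    at_risk = {}
    seen = {compromised}
    frontier = deque([compromised])
    while frontier:
        actor = frontier.popleft()
        for dep in model:
            if dep.dependee != actor:
                continue
            at_risk.setdefault(dep.depender, set()).add(dep.dependum)
            if dep.depender not in seen:
                seen.add(dep.depender)
                frontier.append(dep.depender)
    return at_risk


def critical_dependees(model):
    """Rank actors by how many dependums their compromise would put at risk.

    The top of the list is where countermeasure analysis should spend effort:
    these are the organisational single points of failure. Actors whose
    compromise affects nothing are left out.
    """
    actors = {dep.dependee for dep in model} | {dep.depender for dep in model}
    impact = []
    for actor in actors:
        total = sum(len(ds) for ds in affected_by_compromise(model, actor).values())
        if total:
            impact.append((actor, total))
    return sorted(impact, key=lambda pair: (-pair[1], pair[0]))


def derive_access_rules(model):
    """Turn resource dependencies into least-privilege access rules.

    Assumed mapping: a depender may read a resource dependum from the actor
    that holds it, and nothing else. Goal, task and softgoal dependencies carry
    no direct permission; they become obligations on the dependee instead.
    """
    return [
        (dep.depender, "read", dep.dependum, dep.dependee)
        for dep in model
        if dep.kind == "resource"
    ]


if __name__ == "__main__":
    for depender, dependums in sorted(affected_by_compromise(MODEL, "Cloud Provider").items()):
        print(f"{depender}: {sorted(dependums)}")
    print(critical_dependees(MODEL))
    print(derive_access_rules(MODEL))
```

Run as a script, the first block lists what a compromised cloud provider endangers: the hospital's storage task directly, and through the hospital, the physician's record access, the insurer's claim data and the patient's confidentiality and treatment goals. The ranking shows that the identity provider, which appears in only one dependency, is as critical as the cloud provider because everything downstream of the hospital system rests on it; that is the kind of non-obvious result the social analysis is meant to surface. The derived access rules cover only the three resource dependencies, which is the least-privilege set the requirements model justifies.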



© Copyright by Institute of Software, the Chinese Academy of Sciences