IRMA-International.org: Creator of Knowledge
Information Resources Management Association
Advancing the Concepts & Practices of Information Resources Management in Modern Organizations

Threat Analysis in Goal-Oriented Security Requirements Modelling

Author(s): Per Håkon Meland (SINTEF ICT, Norway), Elda Paja (University of Trento, Italy), Erlend Andreas Gjære (SINTEF ICT, Norway), Stéphane Paul (Critical Embedded Systems Laboratory, Thales Research and Technology, France), Fabiano Dalpiaz (Buys Ballot Laboratory, Utrecht University, The Netherlands) and Paolo Giorgini (University of Trento, Italy)
Copyright: 2018
Pages: 18
Source title: Computer Systems and Software Engineering: Concepts, Methodologies, Tools, and Applications
Source Author(s)/Editor(s): Information Resources Management Association (USA)
DOI: 10.4018/978-1-5225-3923-0.ch085


Abstract

Goal and threat modelling are important activities of security requirements engineering: goals express why a system is needed, while threats motivate the need for security. Unfortunately, existing approaches mostly consider goals and threats separately, and thus neglect the mutual influence between them. In this paper, the authors address this deficiency by proposing an approach that extends goal modelling with threat modelling and analysis. The authors show that this effort is not trivial and that a trade-off between visual expressiveness, usability and usefulness has to be considered. Specifically, the authors integrate threat modelling with the socio-technical security modelling language (STS-ml), introduce automated analysis techniques that propagate threats in the combined models, and present tool support that enables reuse of threats facilitated by a threat repository. The authors illustrate their approach on a case study from the Air Traffic Management (ATM) domain, from which they extract some practical challenges. The authors conclude that threats provide a useful foundation and justification for the security requirements that the authors derive from goal modelling, but this should not be considered a replacement for risk assessment. The usage of goals and threats early in the development process allows raising awareness of high-level security issues that occur regardless of the chosen technology and organizational processes.
