Risk-aware decision support with constrained goal models

Authors: Nikolaos Argyropoulos, Konstantinos Angelopoulos, Haralambos Mouratidis, Andrew Fish
Journal: Inf. Comput. Secur.
Purpose: The selection of security configurations for complex information systems is a cumbersome process. Decision-making regarding the choice of security countermeasures has to take into consideration a multitude of, often conflicting, functional and non-functional system goals. Therefore, a structured method to support crucial security decisions during a system’s design that can take account of risk whilst providing feedback on the optimal decisions within specific scenarios would be…


CVSS-based Estimation and Prioritization for Security Risks
A risk estimation and evaluation method for information security based on the Common Vulnerability Scoring System (CVSS) that enables security engineers to focus on the most severe risks right from the beginning.
Designing secure business processes from organisational goal models
This work introduces a framework for the design of secure business process models that uses security-oriented goal models as its starting point to capture a socio-technical view of the system to-be and its security requirements during its early design stages.
Optimization Modulo Theories with OptiMathSAT
A variety of techniques that deal with the identified issues and advance both the expressiveness and the efficiency of OMT are presented, including implementation of these techniques inside OptiMathSAT, a state-of-the-art OMT solver based on MathSAT5, along with its high-level architecture, Input/Output interfaces and configurable options.
Evaluation of Novel Approaches to Software Engineering: 14th International Conference, ENASE 2019, Heraklion, Crete, Greece, May 4–5, 2019, Revised Selected Papers
A sequence of processing steps and initial results of their application for two examples of a description of system’s functionality showed that variability of language constructs in descriptions affects an amount of implicitly expressed knowledge.
Model-Based Risk Analysis and Evaluation Using CORAS and CVSS
Following the principle of security-by-design, this work aims at providing methods to develop secure software right from the beginning, i.e. methods for an application during requirements engineering.


Decision-Making in Security Requirements Engineering with Constrained Goal Models
This work extends Secure Tropos, a security requirements engineering methodology, by introducing the concept of Risk in order to facilitate the elicitation and analysis of security requirements and also support a systematic risk assessment process during the system’s design time.
Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development
This paper analyzes Secure Tropos, the language supporting the eponymous agent-based IS development, and suggests improvements in the light of an existing reference model for IS security risk management, thereby improving the conceptual appropriateness of the language.
A Goal Oriented Approach for Modeling and Analyzing Security Trade-Offs
An extension to the i* framework for security trade-off analysis is proposed, taking advantage of its multi-agent and goal orientation, and was applied to several case studies used to exemplify existing approaches.
A Semi-Automatic Approach for Eliciting Cloud Security and Privacy Requirements
An approach is presented that takes as input abstract security and privacy requirements and produces through a semi-automatic process various alternative implementation options for cloud services to create a mapping between the organisational and the operational level of the system's analysis.
A multi-objective genetic algorithm for minimising network security risk and cost
A model of quantitative risk analysis, where an optimisation routine is developed to help a human decision maker to determine the preferred trade-off between investment cost and resulting risk, and shows that the MOGA approach provides high quality solutions, resulting in better knowledge for decision making.
Security Requirements Engineering for Cloud Computing: The Secure Tropos Approach
This work introduces Secure Tropos by discussing its main concepts, their relations and the main diagrams used to capture the different aspects of a software system, and discusses future work on expanding the functionalities offered by Secure Tropos.
A Semi-Automated Tool for Requirements Trade-off Analysis
A semi-automated decision aid tool which allows the use of available but potentially incomplete quantitative and qualitative requirements and risk measures and extends the Even Swap method with formally defined rules for suggesting the next swap to decision stakeholders.
Secure Tropos: a Security-Oriented Extension of the Tropos Methodology
Extensions to the Tropos methodology are introduced to enable it to model security concerns throughout the whole development process to help towards the development of more secure multiagent systems.
Eliciting Security Requirements for Business Processes of Legacy Systems
An integrated approach for transforming the extracted legacy process models into Secure Tropos goal models, which facilitate the elicitation of security requirements at a high level of abstraction, which are then incorporated back into the process models of the modernised systems as security features.
SP 800-30. Risk Management Guide for Information Technology Systems
Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. Organizations use risk assessment, the first step in the risk management