trust trade-off analysis for security requirements engineering authors: golnaz elahi, phd student at...

TRUST TRADE-OFF ANALYSIS FOR SECURITY

REQUIREMENTS ENGINEERINGAuthors:• Golnaz Elahi, PhD student at the University of Toronto,

Canada• Eric Yu, full professor at the University of Toronto,

Canada

Presenter:• Bas Vlug

About the method• Seven step agent- and goal-oriented method for analyzing

security requirements1. Identify actors and actors’ dependencies

2. Model and refine actors’ goals

3. Discover and model trust relationships in the dependency chain

4. Recording trust rationale

5. Replace the trustee party with a corresponding malicious party

6. Model and analyze vulnerabilities

7. Analyze the trust trade-offs

• Provides the capability to analyze potential malicious behavior of trustee parties

Process-DeliverableDiagram

Example• Imagine: an organization wants to make a back-up

• Alternative: store back-up in the cloud!

Step 1: Identify actors & dependencies

Step 2: Model & refine goals

1

Step 2: Model & refine goals

Step 2: Model & refine goals

Step 3: Model trust relationships Step 4: Record trust rationale

&

1

1

Step 3: Model trust relationships Step 4: Record trust rationale

&

Step 3: Model trust relationships Step 4: Record trust rationale

&

Step 5: Model malicious party

Step 5: Model malicious party

Step 6: Model vulnerabilities

Step 6: Model vulnerabilities

Intermezzo: Create models for other alternatives!

• Store back-up locally?• Don’t make a back-up at all?

Step 7: Analyze trust trade-offs

Step 7: Analyze trust trade-offs

Alternative Goal 1 Goal 2 Goal 3 Goal 4 Goal 5

Alternative 1 PS FS PD FS PS

Alternative 1 counterpart

FD PD FD PD PD

Alternative n FS PS FD FS FS

Alternative n counterpart

PD PD FD FD FD

Related literature - positioning• Agent-oriented modelling notations

• i*• Goal-oriented Requirements Language (GRL)• Eric Yu’s seminal proposal

• Trust trade-off analysis for security requirements engineering

• TROPOS

• …

• (Ayala, C., Cares, C., Carvallo, J., Franch, X., Grau, G., Haya, M., Mayol, E., Quer, C., Salazar, G. (2005). A Comparative Analysis of i*-Based Agent-Oriented Modeling Languages. Proceedings of 17th International Conference on Software Engineering and Knowledge Engineering, Taipei, Taiwan, 43-50. )

Related literature – contribution• Cited 9 times

• 4x self citation

• Used for: Even Swaps decision analysis• Method that could be used when choosing an alternative from the

trust trade-off table• Not part of the method itself.

Questions?