TRUST TRADE-OFF ANALYSIS FOR SECURITY REQUIREMENTS ENGINEERING
Authors:
• Golnaz Elahi, PhD student at the University of Toronto, Canada
• Eric Yu, full professor at the University of Toronto, Canada
Presenter:
• Bas Vlug
About the method
• Seven-step agent- and goal-oriented method for analyzing security requirements
1. Identify actors and actors’ dependencies
2. Model and refine actors’ goals
3. Discover and model trust relationships in the dependency chain
4. Record trust rationale
5. Replace the trustee party with a corresponding malicious party
6. Model and analyze vulnerabilities
7. Analyze the trust trade-offs
• Provides the capability to analyze potential malicious behavior of trustee parties
Process-Deliverable Diagram
Example
• Imagine: an organization wants to make a back-up
• Alternative: store back-up in the cloud!
Step 1: Identify actors & dependencies
Step 2: Model & refine goals
Step 3: Model trust relationships & Step 4: Record trust rationale
Step 5: Model malicious party
Step 6: Model vulnerabilities
Intermezzo: Create models for other alternatives!
• Store back-up locally?
• Don’t make a back-up at all?
Step 7: Analyze trust trade-offs
Alternative                 Goal 1  Goal 2  Goal 3  Goal 4  Goal 5
Alternative 1               PS      FS      PD      FS      PS
Alternative 1 counterpart   FD      PD      FD      PD      PD
Alternative n               FS      PS      FD      FS      FS
Alternative n counterpart   PD      PD      FD      FD      FD
Related literature - positioning
• Agent-oriented modelling notations
• i*
• Goal-oriented Requirements Language (GRL)
• Eric Yu’s seminal proposal
• Trust trade-off analysis for security requirements engineering
• TROPOS
• …
• (Ayala, C., Cares, C., Carvallo, J., Franch, X., Grau, G., Haya, M., Mayol, E., Quer, C., Salazar, G. (2005). A Comparative Analysis of i*-Based Agent-Oriented Modeling Languages. Proceedings of 17th International Conference on Software Engineering and Knowledge Engineering, Taipei, Taiwan, 43-50.)
Related literature – contribution
• Cited 9 times
• 4x self citation
• Used for: Even Swaps decision analysis
• Method that could be used when choosing an alternative from the trust trade-off table
• Not part of the method itself.
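Added example, not part of the slides or of the authors' method: a dominance check over the trust trade-off table from Step 7, the kind of elimination a decision analysis such as Even Swaps would start from, plus a listing of the goals that get worse once the trustee is replaced by its malicious counterpart. The label ordering FD < PD < PS < FS and the choice to compare an alternative on both of its rows are assumptions; the function names are hypothetical.

```python
# Labels copied from the page's trade-off table; their ordering is an assumption.
RANK = {"FD": 0, "PD": 1, "PS": 2, "FS": 3}

# alternative -> (row with the trustee trusted, row for the malicious counterpart)
TABLE = {
    "Alternative 1": (["PS", "FS", "PD", "FS", "PS"], ["FD", "PD", "FD", "PD", "PD"]),
    "Alternative n": (["FS", "PS", "FD", "FS", "FS"], ["PD", "PD", "FD", "FD", "FD"]),
}

def scores(name, table=TABLE):
    """Flatten both rows of an alternative into one list of ordinal ranks."""
    trusted, counterpart = table[name]
    if len(trusted) != len(counterpart):
        raise ValueError(f"{name}: rows cover different goals")
    return [RANK[label] for label in trusted + counterpart]

def dominates(a, b, table=TABLE):
    """True if a is at least as good as b on every goal in both rows, and better on one."""
    sa, sb = scores(a, table), scores(b, table)
    return all(x >= y for x, y in zip(sa, sb)) and any(x > y for x, y in zip(sa, sb))

def non_dominated(table=TABLE):
    """Alternatives that survive dominance elimination."""
    return [a for a in table
            if not any(dominates(b, a, table) for b in table if b != a)]

def trust_exposure(name, table=TABLE):
    """Goals whose label gets worse when the trustee turns malicious."""
    trusted, counterpart = table[name]
    return {
        f"Goal {i}": (t, c)
        for i, (t, c) in enumerate(zip(trusted, counterpart), start=1)
        if RANK[c] < RANK[t]
    }

if __name__ == "__main__":
    print("non-dominated:", non_dominated())
    for alt in TABLE:
        print(alt, "->", trust_exposure(alt))
```

With the page's values neither alternative dominates the other, so the choice remains a genuine trade-off between goals.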
Questions?