Lin Liu,Eric Yu,John Mylopoulos

2002-01-01

Abstract:Security issues for software systems ultimately concern relationships among social actors -- stakeholders, users, potential attackers, etc. -- and software acting on their behalf. In assessing vulnerabilities and mitigation measures, actors make strategic decisions to achieve desired levels of security while trading off competing requirements such as costs, performance, usability and so on. This paper explores the explicit modeling of relationships among strategic actors in order to elicit, identify and analyze security requirements. In particular, actor dependency analysis helps in the identification of attackers and their potential threats, while actor goal analysis helps to elicit the dynamic decision making process of system players for security issues. Patterns of relationships at various levels of abstraction (e.g. intentional dependencies among abstract roles) can be studied separately. These patterns can be selectively applied and combined for analyzing specific system configurations. The approach is particularly suitable for new Internet applications where layers of software entities and human roles interact to create complex security challenges. Examples from Peer-to-Peer computing are used to illustrate the proposed framework.

Xinyu Wang,Jie Sun,Xiaohu Yang,Ye Wang,Shanping Li,Aleksander J. Kavs

DOI: https://doi.org/10.1111/j.1468-0394.2012.00632.x

IF: 3.3

2012-01-01

Expert Systems

Abstract:While Problem Frames have become a useful approach for requirements analysis, little research has been made to explore how to derive them from a complex problem context. The purpose of this paper is to propose such an approach. The proposed approach consists of three steps to drive the development of Problem Frames. In the first step, business process models are developed to capture the behavioural view of the problem context. In the second step, object analysis models are used to capture the structural view of the problem context. Together, these two views collectively and adequately capture the early context knowledge. These two types of model will then be used in the third step to construct context diagrams and derive Problem Frames. A complex real-world problem - equity trading problem - is used to illustrate this approach.

Yu Zhiwei,Tang Rengzhong,Jia Dongjiao,Ye Fanbo

DOI: https://doi.org/10.3321/j.issn:1004-132X.2007.04.021

2007-01-01

Abstract:To identify the security requirements of information systems, a business process-based security requirement analysis method was presented. Focused on the business process security, the related assets which affect the business process security were identified by security tree model. The security requirements of assets were identified by risk packet and risk transferring model, and then the security requirements list was formed after coverage analysis. Finally, a case was studied to illustrate the proposed method.

Jingwei Yang,Lin Liu

DOI: https://doi.org/10.1109/compsac.2008.51

2008-01-01

Abstract:At the present time, requirements knowledge is mainly in the possession of requirements experts and senior experienced practitioners, which is often implicit and pragmatic to share with novices. Requirements patterns aim to help derive complete, consistent, and implementable requirements specifications from rough sketches of the problem context. In this paper, we propose to use semi-formal approaches such as Problem Frames (PF) and i* to help represent, organize, and analyze recurring requirements knowledge patterns. The proposed PF and i* integrated approach enables simultaneous consideration of the designerpsilas subjective intentions as well as concrete environmental constraints.

Lin Liu,Eric Yu,John Mylopoulos

DOI: https://doi.org/10.1109/compsac.2006.159

2006-01-01

Abstract:Design for security is extremely complicated due to the unique nature of the issue. It requires a thorough understanding about the social setting of the security system. To obtain such understanding, sensible steps to take include identifying the players involved in the system, recognizing their personal preferences, agenda and power in relation to other players, identifying the assets being protected, the vulnerable points at which the systems may fail when attacked. Equally important is to taking rationale steps to predict most likely attackers, knowing their possible motivations, and capabilities enabled by latest the technologies and resource occupations. Only based on integrated analysis on both sides, rationale, informative and efficient tradeoffs on security can be made. Unfortunately, current system development practices treat design decisions on security in an adhoc way, often as an afterthought. This paper proposes to use social modeling concepts to analyze the business and organizational context of systems with regard to security. The main concepts used are actor, role, agent and goal, task, and resource dependencies between actors. The approach encompasses several analysis steps on the functional and non-functional requirements in relevance to security, thus integrating security into the system design process from the outset.

Jianxin Xu,Dongqin Feng

DOI: https://doi.org/10.1155/2017/2430835

IF: 1.968

2017-01-01

Security and Communication Networks

Abstract:This paper discusses two aspects of major risks related to the cyber security of an industrial control system (ICS), including the exploitation of the vulnerabilities of legitimate communication parties and the features abused by unauthorized parties. We propose a novel framework for exposing the above two types of risks. A state fusion finite state machine (SF-FSM) model is defined to describe multiple request-response packet pair sequence signatures of various applications using the same protocol. An inverted index of keywords in an industrial protocol is also proposed to accomplish fast state sequence matching. Then we put forward the concept of scenario reconstruction, using state sequence matching based on SF-FSM, to present the known vulnerabilities corresponding to applications of a specific type and version by identifying the packet interaction characteristics from the data flow in the supervisory control layer network. We also implement an anomaly detection approach to identifying illegal access using state sequence matching based on SF-FSM. An anomaly is asserted if none of the state sequence signatures in the SF-FSM is matched with a packet flow. Ultimately, an example based on industrial protocols is demonstrated by a prototype system to validate the methods of scenario reconstruction and anomaly detection.

Jie Sun,Liping Zhao,Peri Loucopoulos,Xinyu Wang,Shanping Li,Xiaohu Yang

2012-01-01

Abstract:The efficient functioning of financial markets is important for growth across the world, affecting businesses, society and individuals. Stock trading, a key activity within financial markets, is undergoing major transformation fuelled by advances in information systems techniques. Our motivation is in the development of stock trading systems that are robust and are transparent to regulators, traders and the public. Specifically, the work presented in this paper focuses on the way that quality factors may be considered at the requirements phase when designing systems to support sock trading processes. We focus on three quality factors namely performance, availability and security. We introduce a modeling paradigm that extends the well-known UML Activity model to explicitly represent these three quality factors and augment this through quantitative and qualitative reasoning. The approach is exemplified through the use of a small aspect of a stock trading process, dealing with the ‘order crossing’ part, taken from the practices of an international firm.

Yijun Yu,Haruhiko Kaiya,Nobukazu Yoshioka,Zhenjiang Hu,Hironori Washizaki,Yingfei Xiong,Amin Hosseinian Far

DOI: https://doi.org/10.4018/ijsse.2017070103

2017-01-01

International Journal of Secure Software Engineering

Abstract:This article describes how earlier detection of security problems and the implementation of solutions would be a cost-effective approach for developing secure software systems. Developing, gathering and sharing similar repeatable programming knowledge and solutions has led to the introduction of Patterns in the 90's. The same concept has been adopted to realise reoccurring security knowledge and hence security patterns. Detecting a security problem using the patterns in requirements models may lead to its early prevention. In this article, the authors have provided an overview of security patterns in the past two decades, followed by a summary of i*/Tropos goal modelling framework. Section 2 outlines model-driven development, meta-models and model transformation, within the context of requirements engineering. They have summarised security access control types, and formally described role-based access control RBAC in particular as a pattern that may occur in the stakeholder requirements models. Then the authors used the i* modelling language and some elements from its constructs-model-driven queries and transformations-to describe the pattern enforcement. This is applied to a number of requirements models within the literature, and the pattern-based transformation tool they designed has automated the detection and resolution of this security pattern in several goal-oriented stakeholder requirements. Finally, the article also reflects on a variety of existing applications and future work.

Lin Liu,Eric Yu,John Mylopoulos

2002-01-01

Abstract:Security issues for software systems ultimately concern relationships among social actors – stakeholders, users, potential attackers, etc. -and software acting on their behalf. In assessing vulnerabilities and mitigation measures, actors make strategic decisions to achieve desired levels of security while trading off competing requirements such as costs, performance, usability and so on. This paper explores the explicit modeling of relationships among strategic actors in order to elicit, identify and analyze security requirements. In particular, actor dependency analysis helps in the identification of attackers and their potential threats, while actor goal analysis helps to elicit the dynamic decision making process of system players for security issues. Patterns of relationships at various levels of abstraction (e.g. intentional dependencies among abstract roles) can be studied separately. These patterns can be selectively applied and combined for analyzing specific system configurations. The approach is particularly suitable for new Internet applications where layers of software entities and human roles interact to create complex security challenges. Examples from Peer-to-Peer computing are used to illustrate the proposed framework.

Zhi-wei YU,Ren-zhong TANG

DOI: https://doi.org/10.3785/j.issn.1008-973X.2007.08.003

2007-01-01

Abstract:A method of analyzing security objectives of business process elements (BPEs) was presented to determine the security requirements of business processes. According to the business process model, the initial security objectives of BPEs were identified based on a general classification. And the weighting coefficients of the security objectives of activities were affirmed by calculating the in-degree and out-degree of activities. The consistency checking rules and revising principles were brought forward to check and modify the security objectives, the final security objectives of BPEs were obtained. A case study showed that the proposed method could be used to get the security objectives of BPEs objectively.

Tong Li,Lin Liu,Golnaz Elahi,Eric Yu,Barrett R. Bryant

DOI: https://doi.org/10.1109/COMPSACW.2010.98

2010-01-01

Abstract:Security analysis is a knowledge intensive process, in which the attackers and the system owners are competing with their knowledge about how the system is built, what are the weakest points of the system, and how to exploit or to protect them. In other words, it is a race of knowledge. In this paper, we present a service security modeling approach based on the agent-oriented requirement modeling framework, i*. In this approach, we first model system actors' rationale for delivery of the service function. Then, we model a malicious actor whose intention is to disable the system functionality by exploiting their knowledge about the service and potential attacks. We assume that attackers have full knowledge about the system, which is the worst case scenario. Finally, the method automatically identifies attack routes across the actors' dependency network based on the available knowledge. We use a recent network attack event to a major Internet service provider to illustrate the approach.

Liu Lin,Jin Zhi

DOI: https://doi.org/10.1016/s1007-0214(07)70182-7

2007-01-01

Abstract:One of the difficulties that goal-oriented requirements analyses encounters is that the efficiency of the goal refinement is based on the analysts’ subjective knowledge and experience. To improve the efficiency of the requirements elicitation process, engineers need approaches with more systemized analysis techniques. This paper integrates the goal-oriented requirements language i* with concepts from a structured problem analysis notation, problem frames (PF). The PF approach analyzes software design as a contextualized problem which has to respond to constraints imposed by the environment. The proposed approach is illustrated using the meeting scheduler exemplar. Results show that integration of the goal and the problem analysis enables simultaneous consideration of the designer's subjective intentions and the physical environmental constraints.

Zhi Jin,Lin Liu

DOI: https://doi.org/10.1145/1138670.1138678

2006-01-01

Abstract:In this paper, we propose a conceptual description schema based on the Problem Frames (PF) approach, which treats environment as a first-class concept. Requirements are defined as problem descriptions in terms of the environment model. Thus, knowledge about the environment can be used to facilitate the derivation of software specifications from requirements. Heuristic rules that help structuring software problems are given. Major idea of the proposed approach is illustrated with a simple real world example.

Yan Li,Guang-qiu Huang,Chun-zi Wang,Ying-chao Li,Yan Li,Guang-qiu Huang,Chun-zi Wang,Ying-chao Li

DOI: https://doi.org/10.1186/s13638-019-1506-1

2019-08-13

EURASIP Journal on Wireless Communications and Networking

Abstract:Information technology has penetrated into all aspects of politics, economy, and culture of the whole society. The information revolution has changed the way of communication all over the world, promoted the giant development of human society, and also drawn unprecedented attention to network security issues. Studies, focusing on network security, have experienced four main stages: idealized design for ensuring security, auxiliary examination and passive defense, active analysis and strategy formulation, and overall perception and trend prediction. Under the background of the new strategic command for the digital control that all countries are scrambled for, the discussion of network security situational awareness presents new characteristics both in the academic study and industrialization. In this regard, a thorough investigation has been made in the present paper into the literature of network security situational awareness. Firstly, the research status both at home and abroad is introduced, and then, the logical analysis framework is put forward concerning the network security situational awareness from the perspective of the data value chain. The whole process is composed of five successive stages: factor acquisition, model representation, measurement establishment, solution analysis, and situation prediction. Subsequently, the role of each stage and the mainstream methods are elaborated, and the application results on the experimental objects and the horizontal comparison between the methods are explained. In an attempt to provide a panoramic recognition of network security situational awareness, and auxiliary ideas for the industrialization of network security, this paper aims to provide some references for the scientific research and engineering personnel in this field.

telecommunications,engineering, electrical & electronic

Y Hu,XR Xie,YZ Xin

DOI: https://doi.org/10.1109/pes.2004.1372957

2005-01-01

Abstract:This paper presents a modeling language and a quantitative evaluation approach for the security of power information systems. We firstly design a security architecture design trace language to universally describe system structures, services, security policies, attack behaviors and countermeasures. Next an automated risk analysis algorithm is proposed to get attack traces of power information systems. Then, based on the concept of relative security degree, security architecture can be quantitatively evaluated. Finally, with a case study in a real power information system, the effectiveness of the presented approach is demonstrated. In practice, the approach can be employed for assessing various kinds of countermeasures, such as increasing a new security function, adjusting system self structure, and changing customer operation requirements. And it can greatly decrease the subjectivity of counter-measure selection.

Golnaz Elahi,Eric Yu,Tong Li,Lin Liu

DOI: https://doi.org/10.1109/compsac.2011.48

2011-01-01

Abstract:Various governmental or academic institutes survey current security trends, and report vulnerabilities, security breaches, and their costs. However, it is unclear whether (and how) practitioners analyze these vulnerabilities and attacks to arrive at security requirements and decide on security solutions. What modeling methods are used for eliciting, analyzing, and documenting security requirements in real-world practice? This paper intends to answer such questions through a survey of security requirements engineering practices. 374 software professionals from 237 International and Chinese firms participated in the survey. The results show businesses often try to consider security from early stages of the development life cycle, however, ultimately, security is left to be built into the system at the implementation phase. We observed that practitioners favour qualitative risk assessment rather than quantitative approaches, and this helps them consider more varieties of factors when comparing alternative security design solutions.

Hongbo Li,Xiaohong Li,Jianye Hao,Guangquan Xu,Zhiyong Feng,Xiaofei Xie

DOI: https://doi.org/10.1109/QRS.2017.45

2017-01-01

Abstract:It is critical and foremost to come up with the corresponding security requirements first which the following implementations are based on. However, previous security requirement elicitation work based on Common Criteria (CC) rarely addresses the detailed elicitation process of threats from specific functional requirements, which thus results in the widen gap between specific functional requirements and their corresponding threats. To this end, this paper proposes a framework for eliciting corresponding security requirements of specific functional requirements from the requirements specification. A formal model is built in the framework to assist requirement analysts in half-automatic collecting threats. To enhance the framework's automaticity and reusability, a security property base is constructed based on authoritative sources of security properties to support the framework. A practical information system is applied to verify the framework's practicability. Finally the framework's advantages and limitations are discussed thoroughly compared with previous approaches and useful insights are revealed.

Sergej Japs,Harald Anacker

DOI: https://doi.org/10.1017/pds.2021.517

2021-07-27

Proceedings of the Design Society

Abstract:Abstract Cyber-physical systems (CPS), like autonomous vehicles, are intelligent and networked. The development of such systems and its components requires interdisciplinary cooperation between different stakeholders. A lack of system understanding between stakeholders can lead to unidentified and unresolved security threats & safety hazards in early engineering phases, resulting in high costs in product development and potentially compromises compliance with the safety of CPS. Model-based systems engineering (MBSE) improves the system understanding between stakeholders by using models. However, MBSE approaches only partially address security threats & safety hazards. In particular, their integrative consideration is not taken into account. Established security & safety approaches are either only applicable to specific disciplines or only partially consider security threats & safety hazards. In the context of this paper we present a method for the resolution of safety relevant security threats in the system architecture design phase using design patterns. We illustrate our approach with the example of the automotive sector. Finally, we present an evaluation of the method, based on an 8 week project with 67 master students.

Nacha Chondamrongkul,Jing Sun,Ian Warren

DOI: https://doi.org/10.1016/j.scico.2021.102631

IF: 1.039

2021-01-01

Science of Computer Programming

Abstract:Analysing security in the architecture design of modern software systems is a challenging task. Emerging technologies utilised in building software systems may pose security threats, so software engineers need to consider both the structure and behaviour of architectural styles that employ these supporting technologies. This paper presents an automated approach to security analysis that helps to identify security characteristics at the architectural level. Key techniques used by our approach include the use of metrics, vulnerability identification and attack scenarios. Our modelling is expressive in defining architectural styles and security characteristics. Our analysis approach gives insightful results that allow software engineers to trace through the design to find parts of the system that may be impacted by attacks. We have developed an analysis tool that allows user to seamlessly model the software architecture design and analyse security. The evaluation has been conducted to assess the accuracy and performance of our approach. The results show that our analysis approach performs reasonably well to analyse the security in the architectural design. (C) 2021 Elsevier B.V. All rights reserved.