Evaluation of MUSER, a holistic security requirements analysis framework

2017 11th International Conference on Research Challenges in Information Science (RCIS) Pub Date : 2017-05-01 DOI:10.1109/RCIS.2017.7956550

Elias A. Seid, Kazi Robin, Tong Li, J. Mylopoulos

{"title":"Evaluation of MUSER, a holistic security requirements analysis framework","authors":"Elias A. Seid, Kazi Robin, Tong Li, J. Mylopoulos","doi":"10.1109/RCIS.2017.7956550","DOIUrl":null,"url":null,"abstract":"Security has been a growing concern for large organizations, especially financial and governmental institutions, as security breaches in the systems they depend on have repeatedly resulted in billions of dollars in losses per year, and this cost is on the rise. A primary reason for these breaches is that the systems in question are socio-technical — a mix of people, processes, technology and infrastructure. However, such systems are designed in a piecemeal rather than a holistic fashion, leaving parts of the system vulnerable. To tackle this problem, a three-realm security requirements framework was proposed to holistically analyse security requirements in different conceptual realms, including social realm (business processes, social actors), a software realm (software applications that support the social realm) and an infrastructure realm (physical and technological infrastructure). In this paper we evaluate this security requirements analysis framework. The evaluation was performed by two graduate students using a large scale case study on a medical emergency response system.","PeriodicalId":193156,"journal":{"name":"2017 11th International Conference on Research Challenges in Information Science (RCIS)","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 11th International Conference on Research Challenges in Information Science (RCIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RCIS.2017.7956550","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Security has been a growing concern for large organizations, especially financial and governmental institutions, as security breaches in the systems they depend on have repeatedly resulted in billions of dollars in losses per year, and this cost is on the rise. A primary reason for these breaches is that the systems in question are socio-technical — a mix of people, processes, technology and infrastructure. However, such systems are designed in a piecemeal rather than a holistic fashion, leaving parts of the system vulnerable. To tackle this problem, a three-realm security requirements framework was proposed to holistically analyse security requirements in different conceptual realms, including social realm (business processes, social actors), a software realm (software applications that support the social realm) and an infrastructure realm (physical and technological infrastructure). In this paper we evaluate this security requirements analysis framework. The evaluation was performed by two graduate students using a large scale case study on a medical emergency response system.

查看原文本刊更多论文

评估MUSER，一个整体的安全需求分析框架

对于大型组织，特别是金融和政府机构来说，安全性已经成为一个日益关注的问题，因为他们所依赖的系统中的安全漏洞已经多次导致每年数十亿美元的损失，而且这一成本还在上升。这些违规行为的一个主要原因是，所涉及的系统是社会技术的——包括人员、流程、技术和基础设施。然而，这样的系统是以零敲碎打的方式设计的，而不是以整体的方式设计的，这使得系统的某些部分容易受到攻击。为了解决这个问题，提出了一个三领域安全需求框架，从整体上分析不同概念领域中的安全需求，包括社会领域(业务流程、社会参与者)、软件领域(支持社会领域的软件应用程序)和基础设施领域(物理和技术基础设施)。本文对该安全需求分析框架进行了评估。该评估由两名研究生通过对医疗应急系统的大规模案例研究进行。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2017 11th International Conference on Research Challenges in Information Science (RCIS)

自引率

0.00%

发文量