Managing Security Control Assumptions Using Causal Traceability

A. Nhlabatsi, Y. Yu, A. Zisman, T. Tun, N. Khan, A. Bandara, K. Khan, B. Nuseibeh
DOI: 10.1109/SST.2015.14 (https://doi.org/10.1109/SST.2015.14)
Published in: 2015 IEEE/ACM 8th International Symposium on Software and Systems Traceability
Publication date: 2015-05-16
Citation count: 5

Abstract

Security control specifications of software systems are designed to meet their security requirements. It is difficult to know both the value of assets and the malicious intention of attackers at design time, hence assumptions about the operational environment often reveal unexpected flaws. To diagnose the causes of violations in security requirements it is necessary to check these design-time assumptions. Otherwise, the system could be vulnerable to potential attacks. Addressing such vulnerabilities requires an explicit understanding of how the security control specifications were defined from the original security requirements. However, assumptions are rarely explicitly documented and monitored during system operation. This paper proposes a systematic approach to monitoring design-time assumptions explicitly as logs, by using traceability links from requirements to specifications. The work also helps identify which alternative specifications of security control can be used to satisfy a security requirement that has been violated based on the logs. The work is illustrated by an example of an electronic patient record system.