Automated Reasoning towards Quantitative Security Assurance

Abstract

System security assurance has become one of the most important research directions in software engineering and requirement engineering. To date, a lot of approaches have been proposed to conduct system security assurance. However, in these existing approaches, the constraint conditions of security assurance are rarely mentioned. In software engineering domain, constraint is a critical factor that can affect the success or failure of the engineering project, and thus the practicability of these approaches may be called in question. In order to resolve this problem, this paper proposes a new security assurance method that allows engineers to give consideration to both contribution attributes and cost attributes for security objectives during system architecture design process. In addition, a recursive algorithm is proposed and implemented to realize automated reasoning for developing security assurance cases.