{"title":"面向目标的需求开发和定量安全保证方法","authors":"Zhengshu Zhou, Qiang Zhi, Zilong Liang, Shuji Morisaki","doi":"10.4018/IJSSSP.2021010103","DOIUrl":null,"url":null,"abstract":"When deciding and evaluating system security strategies, there is a trade-off relationship between security assuring effect and constraint condition, which has been revealed by many qualitative security assurance methods. However, the existing methods cannot be used to make quantitative analysis on security assurance and constraint conditions to support project managers and system engineers to decide system development strategies. Therefore, a quantitative method which can consider both security strategies and constraints is necessary. This paper proposes a semi-automatic, quantitative system security assurance approach for developing security requirement and security assurance cases by extending the traditional GSN (goal structuring notation). Next, two greedy algorithms for quantitative system security assurance are implemented and evaluated. In addition, a case study and an experiment are carried out to verify the effectiveness and efficiency of the proposed approach and the proposed algorithms.","PeriodicalId":135841,"journal":{"name":"Int. J. Syst. Softw. Secur. Prot.","volume":"126 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Goal-Oriented Approach to Requirements Development and Quantitative Security Assurance\",\"authors\":\"Zhengshu Zhou, Qiang Zhi, Zilong Liang, Shuji Morisaki\",\"doi\":\"10.4018/IJSSSP.2021010103\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"When deciding and evaluating system security strategies, there is a trade-off relationship between security assuring effect and constraint condition, which has been revealed by many qualitative security assurance methods. However, the existing methods cannot be used to make quantitative analysis on security assurance and constraint conditions to support project managers and system engineers to decide system development strategies. Therefore, a quantitative method which can consider both security strategies and constraints is necessary. This paper proposes a semi-automatic, quantitative system security assurance approach for developing security requirement and security assurance cases by extending the traditional GSN (goal structuring notation). Next, two greedy algorithms for quantitative system security assurance are implemented and evaluated. In addition, a case study and an experiment are carried out to verify the effectiveness and efficiency of the proposed approach and the proposed algorithms.\",\"PeriodicalId\":135841,\"journal\":{\"name\":\"Int. J. Syst. Softw. Secur. Prot.\",\"volume\":\"126 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Int. J. Syst. Softw. Secur. Prot.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4018/IJSSSP.2021010103\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Int. J. Syst. Softw. Secur. Prot.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/IJSSSP.2021010103","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Goal-Oriented Approach to Requirements Development and Quantitative Security Assurance
When deciding and evaluating system security strategies, there is a trade-off relationship between security assuring effect and constraint condition, which has been revealed by many qualitative security assurance methods. However, the existing methods cannot be used to make quantitative analysis on security assurance and constraint conditions to support project managers and system engineers to decide system development strategies. Therefore, a quantitative method which can consider both security strategies and constraints is necessary. This paper proposes a semi-automatic, quantitative system security assurance approach for developing security requirement and security assurance cases by extending the traditional GSN (goal structuring notation). Next, two greedy algorithms for quantitative system security assurance are implemented and evaluated. In addition, a case study and an experiment are carried out to verify the effectiveness and efficiency of the proposed approach and the proposed algorithms.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
