Holistic security requirements analysis for socio-technical systems
- Li, Tong (author)
- Horkoff, Jennifer, 1980 (author)
- Gothenburg University, Göteborgs universitet, Institutionen för data- och informationsteknik, datavetenskap (GU), Department of Computer Science and Engineering, Computing Science (GU)
- Mylopoulos, John (author)
- 2016-09-19
- 2018
- English.
- In: Software and Systems Modeling. - : Springer Science and Business Media LLC. - 1619-1366 .- 1619-1374. ; 17:4, pp. 1253-1285
- Related link:
- https://gup.ub.gu.se...
- https://doi.org/10.1...
Abstract
- © 2016, Springer-Verlag Berlin Heidelberg. Security has been a growing concern for large organizations, especially financial and governmental institutions, as security breaches in the systems they depend on have repeatedly resulted in billions of dollars in losses per year, and this cost is on the rise. A primary reason for these breaches is that the systems in question are “socio-technical”, a mix of people, processes, technology, and infrastructure. However, such systems are designed in a piecemeal rather than a holistic fashion, leaving parts of the system vulnerable. To tackle this problem, we propose a three-layer security analysis framework consisting of a social layer (business processes, social actors), a software layer (software applications that support the social layer), and an infrastructure layer (physical and technological infrastructure). In our proposal, global security requirements lead to local security requirements, cutting across conceptual layers, and upper-layer security analysis influences analysis at lower layers. Moreover, we propose a set of analytical methods and a systematic process that together drive security requirements analysis across the three layers. To support analysis, we have defined corresponding inference rules that (semi-)automate the analysis, helping to deal with system complexity. A prototype tool has been implemented to support analysts throughout the analysis process. Moreover, we have performed a case study on a real-world smart grid scenario to validate our approach.
Subject headings
- NATURVETENSKAP -- Data- och informationsvetenskap (Datateknik) (hsv//swe)
- NATURAL SCIENCES -- Computer and Information Sciences (hsv//eng)
Keywords
- Enterprise architecture
- Goal model
- Security pattern
- Security requirements
- Socio-technical system
Publication and content type
- ref (subject category)
- art (subject category)