面向目标的需求开发和定量安全保证方法

Int. J. Syst. Softw. Secur. Prot. Pub Date : 2021-01-01 DOI:10.4018/IJSSSP.2021010103

Zhengshu Zhou, Qiang Zhi, Zilong Liang, Shuji Morisaki

{"title":"面向目标的需求开发和定量安全保证方法","authors":"Zhengshu Zhou, Qiang Zhi, Zilong Liang, Shuji Morisaki","doi":"10.4018/IJSSSP.2021010103","DOIUrl":null,"url":null,"abstract":"When deciding and evaluating system security strategies, there is a trade-off relationship between security assuring effect and constraint condition, which has been revealed by many qualitative security assurance methods. However, the existing methods cannot be used to make quantitative analysis on security assurance and constraint conditions to support project managers and system engineers to decide system development strategies. Therefore, a quantitative method which can consider both security strategies and constraints is necessary. This paper proposes a semi-automatic, quantitative system security assurance approach for developing security requirement and security assurance cases by extending the traditional GSN (goal structuring notation). Next, two greedy algorithms for quantitative system security assurance are implemented and evaluated. In addition, a case study and an experiment are carried out to verify the effectiveness and efficiency of the proposed approach and the proposed algorithms.","PeriodicalId":135841,"journal":{"name":"Int. J. Syst. Softw. Secur. Prot.","volume":"126 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Goal-Oriented Approach to Requirements Development and Quantitative Security Assurance\",\"authors\":\"Zhengshu Zhou, Qiang Zhi, Zilong Liang, Shuji Morisaki\",\"doi\":\"10.4018/IJSSSP.2021010103\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"When deciding and evaluating system security strategies, there is a trade-off relationship between security assuring effect and constraint condition, which has been revealed by many qualitative security assurance methods. However, the existing methods cannot be used to make quantitative analysis on security assurance and constraint conditions to support project managers and system engineers to decide system development strategies. Therefore, a quantitative method which can consider both security strategies and constraints is necessary. This paper proposes a semi-automatic, quantitative system security assurance approach for developing security requirement and security assurance cases by extending the traditional GSN (goal structuring notation). Next, two greedy algorithms for quantitative system security assurance are implemented and evaluated. In addition, a case study and an experiment are carried out to verify the effectiveness and efficiency of the proposed approach and the proposed algorithms.\",\"PeriodicalId\":135841,\"journal\":{\"name\":\"Int. J. Syst. Softw. Secur. Prot.\",\"volume\":\"126 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Int. J. Syst. Softw. Secur. Prot.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4018/IJSSSP.2021010103\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Int. J. Syst. Softw. Secur. Prot.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/IJSSSP.2021010103","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

在确定和评估系统安全策略时，安全保证效果与约束条件之间存在权衡关系，许多定性安全保证方法都揭示了这一点。然而，现有的方法无法对安全保证和约束条件进行定量分析，以支持项目经理和系统工程师制定系统开发策略。因此，需要一种既能考虑安全策略又能考虑约束的定量方法。本文通过对传统GSN(目标结构符号)的扩展，提出了一种半自动、定量的系统安全保障方法，用于开发安全需求和安全保障案例。其次，实现并评估了两种用于定量系统安全保证的贪心算法。最后，通过实例分析和实验验证了所提方法和算法的有效性和高效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

A Goal-Oriented Approach to Requirements Development and Quantitative Security Assurance

When deciding and evaluating system security strategies, there is a trade-off relationship between security assuring effect and constraint condition, which has been revealed by many qualitative security assurance methods. However, the existing methods cannot be used to make quantitative analysis on security assurance and constraint conditions to support project managers and system engineers to decide system development strategies. Therefore, a quantitative method which can consider both security strategies and constraints is necessary. This paper proposes a semi-automatic, quantitative system security assurance approach for developing security requirement and security assurance cases by extending the traditional GSN (goal structuring notation). Next, two greedy algorithms for quantitative system security assurance are implemented and evaluated. In addition, a case study and an experiment are carried out to verify the effectiveness and efficiency of the proposed approach and the proposed algorithms.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Int. J. Syst. Softw. Secur. Prot.

自引率

0.00%

发文量

期刊最新文献

A Light Weight Temper Resistance Client File in an External Memory for Remote User Authentication and Access Control Proposed Secure 3-Use Case Diagram A Novel Iterated Function System-Based Model for Coloured Image Encryption Formal Metamodeling for Secure Model-Driven Engineering Cloud Computing Virtual Machine Workload Prediction Method Based on Variational Autoencoder