1. Introduction
The diversity of information sharing channels and of information security risks may be the biggest paradox of the rapidly developing information era. According to the definition in ISO/IEC 27002, information security mainly involves several aspects, including confidentiality, integrity and availability. Because of cyber-attacks and information risks, scholars and engineers have proposed and implemented a variety of security assurance methods to assure the security of information systems. At present, the most frequently used information security techniques include data encryption, user authentication technology, firewalls, etc. Moreover, many approaches to conducting system security assurance have been proposed so far, such as the i* framework, the NFR (Non-Functional Requirement) framework, and D-Case. These approaches enable system engineers to adopt reasonable security strategies to reduce information security risks. Nevertheless, because the constraint conditions of the security strategies are not analyzed in these approaches, the proposed security countermeasures cannot always be achieved in industry.
The aforementioned constraints that affect whether a specific system security countermeasure should be adopted may be development time, engineering budget, system performance, system usability and even the space occupied by system hardware or equipment. For example, suppose a large hospital is considering the introduction of an electronic medical record system (EMRS). Because the EMRS involves the privacy of patients, it must be implemented with an authentication function so that only users with the corresponding permission can log into the system. The software vendor has proposed biometric identification technology, because it is more efficient and reliable. Compared with traditional methods (for example, user ID and password), biometric recognition needs specific facilities and a new software module, so more development man-hours and a larger engineering budget are needed. When the engineering budget is insufficient, the proposal should be rejected even though it is superior. In other words, there is a trade-off between system security assurance and engineering budget.
It can be seen from the example that system designers always have to find a balance between system security goals and constraint conditions. In order to resolve this problem, this paper proposes a quantitative security assurance method that allows security assurance cases to consider both security contributions and constraints. In addition, two algorithms that support decision-making during the development of security assurance cases will be proposed and implemented. The remainder of this paper is organized as follows. Related research on system security assurance approaches is introduced in Section 2. Next, in Section 3, we propose a new security assurance method that resolves the defects of the related research and give an example. After that, in Section 4, the detailed steps of the proposed method are defined, and two greedy algorithms for automated reasoning about security assurance strategic decisions are proposed and implemented. In Section 5, a case study on an in-vehicle embedded system is conducted to verify the effectiveness of the proposed method, and experiments are carried out to evaluate its computational efficiency. Finally, Section 6 concludes the paper by discussing the method and suggesting further directions for this research.
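As an added illustration of the trade-off the EMRS example describes (this is not the paper's own method; the paper's two greedy algorithms are defined in Section 4), each candidate countermeasure is given an assumed quantitative contribution to a security goal and an assumed engineering cost, and two simple greedy selection strategies are compared under a budget constraint. All countermeasure names, contribution values and costs below are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Countermeasure:
    name: str
    goal: str            # security goal it supports, e.g. "authentication"
    contribution: float  # assumed quantified contribution to that goal
    cost: float          # assumed engineering budget it consumes (man-hours)


# Constructed candidate set modelled on the EMRS example; values are assumptions.
EMRS_CANDIDATES = [
    Countermeasure("user ID and password", "authentication", 0.5, 20.0),
    Countermeasure("biometric identification", "authentication", 0.9, 80.0),
    Countermeasure("record encryption", "confidentiality", 0.7, 30.0),
    Countermeasure("perimeter firewall", "network access", 0.6, 25.0),
]


def _greedy(candidates, budget, key):
    """Walk candidates in the order given by `key`, keeping at most one
    countermeasure per goal and skipping any the remaining budget cannot cover.
    Returns (chosen names, total contribution, unspent budget)."""
    chosen, remaining = {}, budget
    for cm in sorted(candidates, key=key):
        if cm.goal in chosen or cm.cost > remaining:
            continue  # goal already covered, or the budget constraint rejects it
        chosen[cm.goal] = cm
        remaining -= cm.cost
    total = sum(cm.contribution for cm in chosen.values())
    return [cm.name for cm in chosen.values()], round(total, 2), remaining


def select_by_contribution(candidates, budget):
    """Greedy strategy 1: try the strongest countermeasure first, take it if it fits."""
    return _greedy(candidates, budget, key=lambda c: -c.contribution)


def select_by_efficiency(candidates, budget):
    """Greedy strategy 2: try the most contribution per unit of cost first."""
    return _greedy(candidates, budget, key=lambda c: -c.contribution / c.cost)


if __name__ == "__main__":
    for strategy in (select_by_contribution, select_by_efficiency):
        print(strategy.__name__, strategy(EMRS_CANDIDATES, 100.0))
```

With a budget of 100 the contribution-first strategy spends 80 on biometric identification and can then afford nothing else, while the efficiency-first strategy covers three goals with the cheaper password option; with a budget of 50 the biometric proposal is rejected outright, as in the hospital example.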