Welcome to the InfoSci Platform
Reference Hub7
Threat Analysis in Goal-Oriented Security Requirements Modelling

Threat Analysis in Goal-Oriented Security Requirements Modelling

Per Håkon Meland, Elda Paja, Erlend Andreas Gjære, Stéphane Paul, Fabiano Dalpiaz, Paolo Giorgini
Copyright: © 2014 |Volume: 5 |Issue: 2 |Pages: 19
ISSN: 1947-3036|EISSN: 1947-3044|EISBN13: 9781466656857|DOI: 10.4018/ijsse.2014040101
Cite Article Cite Article

MLA

Meland, Per Håkon, et al. "Threat Analysis in Goal-Oriented Security Requirements Modelling." IJSSE vol.5, no.2 2014: pp.1-19. http://doi.org/10.4018/ijsse.2014040101

APA

Meland, P. H., Paja, E., Gjære, E. A., Paul, S., Dalpiaz, F., & Giorgini, P. (2014). Threat Analysis in Goal-Oriented Security Requirements Modelling. International Journal of Secure Software Engineering (IJSSE), 5(2), 1-19. http://doi.org/10.4018/ijsse.2014040101

Chicago

Meland, Per Håkon, et al. "Threat Analysis in Goal-Oriented Security Requirements Modelling," International Journal of Secure Software Engineering (IJSSE) 5, no.2: 1-19. http://doi.org/10.4018/ijsse.2014040101

Export Reference

Mendeley
Favorite Full-Issue Download

Abstract

Goal and threat modelling are important activities of security requirements engineering: goals express why a system is needed, while threats motivate the need for security. Unfortunately, existing approaches mostly consider goals and threats separately, and thus neglect the mutual influence between them. In this paper, the authors address this deficiency by proposing an approach that extends goal modelling with threat modelling and analysis. The authors show that this effort is not trivial and a trade-off between visual expressiveness, usability and usefulness has to be considered. Specifically, the authors integrate threat modelling with the socio-technical security modelling language (STS-ml), introduce automated analysis techniques that propagate threats in the combined models, and present tool support that enables reuse of threats facilitated by a threat repository. The authors illustrate their approach on a case study from the Air Traffic Management (ATM) domain, from which they extract some practical challenges. The authors conclude that threats provide a useful foundation and justification for the security requirements that the authors derive from goal modelling, but this should not be considered as a replacement to risk assessment. The usage of goals and threats early in the development process allows raising awareness of high-level security issues that occur regardless of the chosen technology and organizational processes.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.