A Goal-Oriented Approach to Requirements Development and Quantitative Security Assurance

Zhengshu Zhou, Qiang Zhi, Zilong Liang, Shuji Morisaki
Copyright: © 2021 | Volume: 12 | Issue: 1 | Pages: 17
ISSN: 2640-4265 | EISSN: 2640-4273 | EISBN13: 9781799863809 | DOI: 10.4018/IJSSSP.2021010103
Cite Article

MLA

Zhou, Zhengshu, et al. "A Goal-Oriented Approach to Requirements Development and Quantitative Security Assurance." IJSSSP vol.12, no.1 2021: pp.46-62. http://doi.org/10.4018/IJSSSP.2021010103

APA

Zhou, Z., Zhi, Q., Liang, Z., & Morisaki, S. (2021). A Goal-Oriented Approach to Requirements Development and Quantitative Security Assurance. International Journal of Systems and Software Security and Protection (IJSSSP), 12(1), 46-62. http://doi.org/10.4018/IJSSSP.2021010103

Chicago

Zhou, Zhengshu, et al. "A Goal-Oriented Approach to Requirements Development and Quantitative Security Assurance," International Journal of Systems and Software Security and Protection (IJSSSP) 12, no.1: 46-62. http://doi.org/10.4018/IJSSSP.2021010103

Abstract

When deciding on and evaluating system security strategies, there is a trade-off between the security assurance effect and constraint conditions, which many qualitative security assurance methods have revealed. However, existing methods cannot quantitatively analyze security assurance and constraint conditions to help project managers and system engineers decide on system development strategies. A quantitative method that considers both security strategies and constraints is therefore necessary. This paper proposes a semi-automatic, quantitative system security assurance approach for developing security requirements and security assurance cases by extending the traditional GSN (Goal Structuring Notation). Two greedy algorithms for quantitative system security assurance are then implemented and evaluated. In addition, a case study and an experiment are carried out to verify the effectiveness and efficiency of the proposed approach and the proposed algorithms.
