This shows you the differences between two versions of the page.
evolving_security_requirements [2013/03/27 16:36] leminhsang.tran@unitn.it [People] |
evolving_security_requirements [2021/01/29 10:58] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Evolving Security Requirements ====== | ||
- | |||
- | Requirements evolution are unavoidable for any life-long system due to changes | ||
- | in business objectives, regulations, standards, environment or threats. In many | ||
- | cases, these changes are not completely unknown. For instance, the ongoing | ||
- | discussion in a standard body might feature two or three proposals, albeit | ||
- | might not be clear which one will finally win. A possible solution to the | ||
- | challenges of requirements evolution is to choose a good design alternative | ||
- | that could still work when evolution happens to minimize the risk and maximize | ||
- | the benefit. | ||
- | |||
- | While many approaches have been proposed to perform the management or | ||
- | consistency checking on requirements evolution, there has been less effort on | ||
- | delivering an explicit modeling and reasoning framework to assist decision | ||
- | managers select a good design alternative. We need to capture what | ||
- | Loucopoulous and Kavakli [[http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.198.2218|[ER-99]]] identified as the | ||
- | knowledge about //"what the current state is"//, //"where the desired state | ||
- | to-be is in the future"//, and //"alternative designs"// for the desired | ||
- | future state. In this respect it is important to provide a sound quantitative | ||
- | analysis, which is one of the current weaknesses identified by Dalal et al. | ||
- | [[http://dl.acm.org/citation.cfm?id=971620|[CACM-04]]] of many existing approaches. | ||
- | |||
- | |||
- | ==== The Proposed Approach ==== | ||
- | |||
- | We are working on a generic approach which tackles the | ||
- | fundamental issue of modeling and reasoning about requirements evolution to aid | ||
- | such decision making. The modeling support represents requirements evolution in | ||
- | terms of controllable and observable rules in which probability estimates can | ||
- | be accounted by using game-theoretic semantics. The reasoning support provides | ||
- | three quantitative metrics to identify which requirements must be implemented | ||
- | to guarantee the best chances of success (Max Belief) or minimize the risk of | ||
- | wasting money (Deferral Risk and Max Disbelief). | ||
- | ===== People ===== | ||
- | The following is a list of people that has been involved in the project at some point in time. | ||
- | * [[http://disi.unitn.it/~tran|Le Minh Sang Tran]] (PhD Student) | ||
- | * [[http://disi.unitn.it/~massacci|Fabio Massacci]] | ||
- | |||
- | ===== Projects ===== | ||
- | This activity was supported by a number of project | ||
- | * NESSOS | ||
- | * SECURECHANGE | ||
- | |||
- | ===== Publications ===== | ||
- | ===2012=== | ||
- | * Fabio Massacci, Deepa Nagaraj, Federica Paci, Le Minh Sang Tran and Alessandra Tedeschi. //Assessing a Requirements Evolution Approach: Empirical Studies in the Air Traffic Management Domain//. In Proceeding of the International Workshop on Empirical Requirements Engineering (EmpiRE 2012), co-located with RE 2012, September 25, 2012, Chicago, Illinois, USA.{{:research_activities:security_requirements_engineering:mass-etal-empire2012.pdf|PDF}} | ||
- | |||
- | ===2011=== | ||
- | * L.M.S.Tran and F.Massacci. //Dealing with Known Unknowns: Towards a Game-Theoretic Foundation for Software Requirement Evolution//. In Proceeding of the 23rd International Conference on Advanced Information Systems Engineering (CAiSE'11) London, June 2011.{{:research_activities:security_requirements_engineering:forcaise-camera.pdf|PDF}} | ||
- | * L.M.S.Tran. //Requirement Evolution: Towards a Methodology and Framework//. In the CAiSE Doctoral Consortium 2011. London, June 2011. {{:research_activities:security_requirements_engineering:caise-dc-mst.pdf|PDF}} | ||
- | |||
- | ===== Talks and Tutorials ===== | ||
- | |||
- | ===== Software ===== | ||