evolving_security_requirements

Differences

This shows you the differences between two versions of the page.

evolving_security_requirements [2013/03/27 16:36]
leminhsang.tran@unitn.it [People]
evolving_security_requirements [2021/01/29 10:58]
Line 1: Line 1:
-====== Evolving Security Requirements ====== 
- 
-Requirements evolution are unavoidable for any life-long system due to changes 
-in business objectives, regulations,​ standards, environment or threats. In many 
-cases, these changes are not completely unknown. For instance, the ongoing 
-discussion in a standard body might feature two or three proposals, albeit 
-might not be clear which one will finally win. A possible solution to the 
-challenges of requirements evolution is to choose a good design alternative 
-that could still work when evolution happens to minimize the risk and maximize 
-the benefit. ​ 
- 
-While many approaches have been proposed to perform the management or 
-consistency checking on requirements evolution, there has been less effort on 
-delivering an explicit modeling and reasoning framework to assist decision 
-managers select a good design alternative. ​ We need to capture what 
-Loucopoulous and Kavakli [[http://​citeseerx.ist.psu.edu/​viewdoc/​summary?​doi=10.1.1.198.2218|[ER-99]]] identified as the 
-knowledge about //"​what the current state is"//, //"​where the desired state 
-to-be is in the future"//,​ and //"​alternative designs"//​ for the desired 
-future state. In this respect it is important to provide a sound quantitative 
-analysis, which is one of the current weaknesses identified by Dalal et al. 
-[[http://​dl.acm.org/​citation.cfm?​id=971620|[CACM-04]]] of many existing approaches. 
- 
- 
-==== The Proposed Approach ==== 
- 
-We are working on a generic approach which tackles the 
-fundamental issue of modeling and reasoning about requirements evolution to aid 
-such decision making. The modeling support represents requirements evolution in 
-terms of controllable and observable rules in which probability estimates can 
-be accounted by using game-theoretic semantics. The reasoning support provides 
-three quantitative metrics to identify which requirements must be implemented 
-to guarantee the best chances of success (Max Belief) or minimize the risk of 
-wasting money (Deferral Risk and Max Disbelief). ​ 
-===== People ===== 
-The following is a list of people that has been involved in the project at some point in time. 
-  * [[http://​disi.unitn.it/​~tran|Le Minh Sang Tran]] (PhD Student) 
-  * [[http://​disi.unitn.it/​~massacci|Fabio Massacci]] 
- 
-===== Projects ===== 
-This activity was supported by a number of project 
-  * NESSOS 
-  * SECURECHANGE 
- 
-===== Publications ===== 
-===2012=== 
-  * Fabio Massacci, Deepa Nagaraj, Federica Paci, Le Minh Sang Tran and Alessandra Tedeschi. //Assessing a Requirements Evolution Approach: Empirical Studies in the Air Traffic Management Domain//. In Proceeding of the International Workshop on Empirical Requirements Engineering (EmpiRE 2012), co-located with RE 2012, September 25, 2012, Chicago, Illinois, USA.{{:​research_activities:​security_requirements_engineering:​mass-etal-empire2012.pdf|PDF}} 
- 
-===2011=== 
-  * L.M.S.Tran and F.Massacci. //Dealing with Known Unknowns: Towards a Game-Theoretic Foundation for Software Requirement Evolution//​. In Proceeding of the 23rd International Conference on Advanced Information Systems Engineering (CAiSE'​11) London, June 2011.{{:​research_activities:​security_requirements_engineering:​forcaise-camera.pdf|PDF}} 
-  * L.M.S.Tran. //​Requirement Evolution: Towards a Methodology and Framework//​. In the CAiSE Doctoral Consortium 2011. London, June 2011. {{:​research_activities:​security_requirements_engineering:​caise-dc-mst.pdf|PDF}} 
- 
-===== Talks and Tutorials ===== 
- 
-===== Software ===== 
  
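Review bot: the page ends up blank with no pointer to where its material went. Every line from the "Evolving Security Requirements" title through the empty "Software" heading is removed and nothing is added in its place. If the content moved, leave a one-line link to the new location. If the page is being retired, consider keeping at least the Publications entries (EmpiRE 2012, CAiSE'11 and the CAiSE Doctoral Consortium paper) with their PDF links, plus the NESSOS and SECURECHANGE project attribution. The new revision is recorded only as an "external edit", so add an edit summary stating why the content was dropped.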
evolving_security_requirements.txt · Last modified: 2021/01/29 10:58 (external edit)