1 Structuring Knowledge for a Security Trade-offs Knowledge Base Golnaz Elahi Department of Computer Science Eric Yu Faculty of Information Study University.

Slides:

Advertisements

Similar presentations

1 GRL Introduction Lin Liu University of Toronto April 2001.

Advertisements

Modelling with expert systems. Expert systems Modelling with expert systems Coaching modelling with expert systems Advantages and limitations of modelling.

Centralize or Decentralize? A Requirements Engineering Perspective on Internet-Scale Architectures Eric Yu University of Toronto July 2000.

© Eric Yu Strategic Actor Relationships Modelling with i* Eric Yu University of Toronto December 13-14, 2001 IRST, Trento, Italy.

Strategic Modelling for Enterprise Integration Eric Yu University of Toronto 14th World Congress International Federation of Automatic Control July 5-9,

© Eric Yu Agenda Session 1 – Introduction December 13, 14:30-16:30 Motivations Basic concepts –The Strategic Dependency Model –The Strategic Rationale.

Automated Analysis and Code Generation for Domain-Specific Models George Edwards Center for Systems and Software Engineering University of Southern California.

Towards Modelling and Reasoning Support for Early-Phase Requirements Engineering Vahid Jalali Amirkabir university of technology, Department of computer.

Eliciting Goals for Business Process Models with Non-Functional Requirements Catalogues Evellin C. S. Cardoso, João Paulo A. Almeida, Giancarlo Guizzardi.

Knowledge Acquisitioning. Definition The transfer and transformation of potential problem solving expertise from some knowledge source to a program.

CSCI928 Software Engineering Requirements & Specifications Modeling System Interactions Tri A. Kurniawan, M.Eng. Ph.D Candidate

Towards Modelling and Reasoning Support for Early-Phase Requirements Engineering درس مهندسی نیازمندی ها استاد دکتر عبداله زاده دانشجو خیرالنسا مرچانت.

Quality is about testing early and testing often Joe Apuzzo, Ngozi Nwana, Sweety Varghese Student/Faculty Research Day CSIS Pace University May 6th, 2005.

Amirkabir University of Technology, Computer Engineering Faculty, Intelligent Systems Laboratory,Requirements Engineering Course, Dr. Abdollahzadeh 1 Goal.

Building Knowledge-Driven DSS and Mining Data

Amirkabir University of Technology, Computer Engineering Faculty, Intelligent Systems Laboratory,Requirements Engineering Course, Dr. Abdollahzadeh 1 Towards.

Systems Engineering Foundations of Software Systems Integration Peter Denno, Allison Barnard Feeney Manufacturing Engineering Laboratory National Institute.

Copyright c 2006 Oxford University Press 1 Chapter 4 Group Tasks and Activities Wide variety of synonyms and metaphors for groups and teams Crosses context.

TRUST TRADE-OFF ANALYSIS FOR SECURITY REQUIREMENTS ENGINEERING Authors: Golnaz Elahi, PhD student at the University of Toronto, Canada Eric Yu, full professor.

Domain-Specific Software Engineering Alex Adamec.

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 2 02/01/2010 Security and Privacy in Cloud Computing.

A Framework for Iterative, Interactive Analysis of Agent-Goal Models in Early Requirements Engineering (Research Proposal) Jennifer Horkoff 1 Eric Yu 2.

Temporal Event Map Construction For Event Search Qing Li Department of Computer Science City University of Hong Kong.

SEC835 Database and Web application security Information Security Architecture.

ARTIFICIAL INTELLIGENCE [INTELLIGENT AGENTS PARADIGM] Professor Janis Grundspenkis Riga Technical University Faculty of Computer Science and Information.

Evaluating Goal Achievement in Enterprise Modeling – An Interactive Procedure and Experiences Jennifer Horkoff 1 Eric Yu 2 1 Department of Computer Science,

Architecting secure software systems

Risk Analysis in Software Design Author: Verdon, D. and McGraw, G. Presenter: Chris Hundersmarck.

SecureTropos ST-Tool A CASE tool for security-aware software requirements analysis Departement of Information and Communication Technology – University.

Grant Number: IIS Institution of PI: Arizona State University PIs: Zoé Lacroix Title: Collaborative Research: Semantic Map of Biological Data.

Visualizations to Support Interactive Goal Model Analysis Jennifer Horkoff 1 Eric Yu 2 Department of Computer Science 1 Faculty of Information 2

1 Sobah Abbas Petersen Adjunct Associate Professor TDT4252 Modelling of Information Systems Advanced Course Lecture 5: i*modelling.

1 From GORE (not the US presidential candidate) to AORE (Agent-Oriented Requirements Engineering) Eric Yu University of Toronto November 2000.

SWETO: Large-Scale Semantic Web Test-bed Ontology In Action Workshop (Banff Alberta, Canada June 21 st 2004) Boanerges Aleman-MezaBoanerges Aleman-Meza,

BUSINESS INFORMATICS descriptors presentation Vladimir Radevski, PhD Associated Professor Faculty of Contemporary Sciences and Technologies (CST) Linkoping.

Learning outcomes for BUSINESS INFORMATCIS Vladimir Radevski, PhD Associated Professor Faculty of Contemporary Sciences and Technologies (CST)

The Science of Cyber Security Laurie Williams 1 Figure from IEEE Security and Privacy, May-June 2011 issue.

Introduction To Software Component Reuse

© Eric Yu Strategic Actor Relationships Modelling with i* Eric Yu University of Toronto December 13-14, 2001 IRST, Trento, Italy.

Model-Driven Analysis Frameworks for Embedded Systems George Edwards USC Center for Systems and Software Engineering

1 OSU-Okmulgee Assessment Plan 2003 Welcome to Phase I Training.

Raian Ali, Fabiano Dalpiaz, Paolo Giorgini Location-based Software Modeling and Analysis: Tropos-based Approach.

For Goal-Driven Business Process Modeling Saeed A.Behnam,  Daniel Amyot, Gunter Mussbacher SITE, University of.

A Context Model based on Ontological Languages: a Proposal for Information Visualization School of Informatics Castilla-La Mancha University Ramón Hervás.

1 Evolving System Architecture to Meet Changing Business Goals An Agent and Goal-Oriented Approach Daniel Gross & Eric Yu Faculty of Information Studies.

A Goal Based Methodology for Developing Domain-Specific Ontological Frameworks Faezeh Ensan, Weichang Du Faculty of Computer Science, University of New.

Personalized Interaction With Semantic Information Portals Eric Schwarzkopf DFKI

27/3/2008 1/16 A FRAMEWORK FOR REQUIREMENTS ENGINEERING PROCESS DEVELOPMENT (FRERE) Dr. Li Jiang School of Computer Science The.

Digital Libraries1 David Rashty. Digital Libraries2 “A library is an arsenal of liberty” Anonymous.

1 1 Cybersecurity : Optimal Approach for PSAPs FCC Task Force on Optimal PSAP Architecture Working Group 1 Final Report December 10 th, 2015.

Requirement Engineering with URN: Integrating Goals and Scenarios Jean-François Roy Thesis Defense February 16, 2007.

A Tool for Trade-off Resolution on Architecture-Centered Software Development Authors: Italo Silva, Patrick Brito, Baldoino Neto, Evandro Costa and Hemilis.

Improving Higher Order Thinking Skills. What Teachers Must Do. Teachers must teach how to use Higher Order Thinking Skills (HOTS). Criteria in defining.

A Method for Improving Code Reuse System Prasanthi.S.

CSCE 548 Secure Software Development Use Cases Misuse Cases

CS4311 Spring 2011 Process Improvement Dr

Information Systems Analysis and Design

Object-Oriented Software Engineering Using UML, Patterns, and Java,

The Use of Strategic Goal Modeling

Cybersecurity EXERCISE (CE) ATD Scenario intro

Assist. Prof. Magy Mohamed Kandil

Authors: Khaled Abdelsalam Mohamed Amr Kamel

Model-Driven Analysis Frameworks for Embedded Systems

Grade 6 Outdoor School Program Curriculum Map

HCI – DESIGN RATIONALE 20 November 2018.

21st Century Employability Skills

TDT4252 Modelling of Information Systems Advanced Course

Automated Analysis and Code Generation for Domain-Specific Models

Presented By: Darlene Banta

Presentation transcript:

1 Structuring Knowledge for a Security Trade-offs Knowledge Base Golnaz Elahi Department of Computer Science Eric Yu Faculty of Information Study University of Toronto IdentityPrivacy and Security Initiative Research Symposium Identity, Privacy and Security Initiative Research Symposium May 2 nd 2008

2 Strategic Dependencies among Actors

3 Modelling Strategic Actor Relationships and Rationales - the i* modelling framework Strategic Actors:  have goals, beliefs, abilities, commitments  are semi-autonomous freedom of action, constrained by relationships with others not fully knowable or controllable has knowledge to guide action, but only partially explicit  depend on each other for goals to be achieved, tasks to be performed, resources to be furnished

4 Strategic Rationales about alternative configurations of relationships with other actors – Why? How? How else?

5 i* Evaluation Procedure  Semi-automatable propagation of qualitative evaluation labels uses evaluation guidelines and human judgment.

6 Security Trade-offs Modeling and Analysis using i*

7 Structuring Knowledge for a Security Trade-offs Knowledge Base A Goal-Oriented Approach

8 Problems

9 Security Knowledge Sources  Textbooks  Guidelines  Standards  Checklists  Documentation from past projects  Security Design Patterns  Structured Catalogues & Knowledge Bases

Excerpt from the NIST guidelines 10 Structuring Knowledge * *

11 Motivations and Questions  What would be a good way to organize and structure knowledge to assist designers in making security trade- offs?  We suggest a Goal-Oriented approach for structuring security trade-offs knowledge.

12 Analyzing the Structure of the Knowledge in the NIST Guidelines Quality Goals Goals Security Mechanis m Actor Attacker Attack Impact s Vulnerabilit y

13 The KB Schema  Actors and their goals  Mechanisms and contributions of mechanisms on goals and other mechanisms  Attackers and attacks  Impact of attacks on goals and impact of security mechanisms on attacks

14 Example of Structured Knowledge

15 Reusable Unit of Knowledge  What are the consequences of applying a particular security mechanism on malicious and non-malicious goals and mechanisms?  Which actor or system’s component should employ a particular security mechanism?

16 Reusable Unit of Knowledge What is the impact of a particular attack on other goals and mechanisms? What vulnerabilities exist in a particular asset or mechanism? What attacks threaten a particular mechanism, asset, or goal? Who may threaten the system?

17 Reusable Unit of Knowledge  What security mechanisms prevent or detect a particular attack or recover the system after the occurrence of the attack?

18 Reusable Unit of Knowledge: Example

19 Conclusion  Trade-offs between competing goals and the alternative solutions are expressed by relating consequences of applying each alternative to the goals.  The knowledge models enable goal model evaluation techniques to evaluate the goals satisfaction.  During the process modeling, missing points and relationships are discovered.

20 Limitations and Ongoing work  The visual goal-oriented knowledge models are not well scalable  This makes the browsing, understating, and analyzing knowledge expressed in the visual goal models difficult.  Therefore, to solve the scalability problem 1. It is needed to store the goal-oriented knowledge structure in goal-oriented text formats. 2. It is required to have query languages to extract a fragment of the large chunk of knowledge. 3. The unit of knowledge to extract from the KB needs to be defined.

21 References : [Mead 05] Mead, N. R., McGraw, G., A portal for software security, IEEE Security & Privacy, 2(4), (2005) [Barnum 05] Barnum, S., McGraw, G., Knowledge for software security, IEEE Security & Privacy 3(2), (2005) [NIST ] Grance, T., Stevens, M., Myers, M., Guide to Selecting Information Technology Security Products, Recommendations of the National Institute of Standards and Technology, NIST Special Publication (2003) [ER07] G. Elahi, E. Yu, A goal oriented approach for modeling and analyzing security trade-offs, In Proceeding of 26th International Conference of Conceptual Modeling, 2007, [RE03] L. Liu, E. Yu, J. Mylopoulos, Security and Privacy Requirements Analysis within a Social Setting. In IEEE Joint Int. Conf. on Requirements Engineering, 2003, Eric Yu: Golnaz Elahi: