Argumentation-based security requirements analysis: Bitmessage case study

Andor Kovacs, Ioannis Karakatsanis, Davor Svetinovic

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

1 Scopus citations

Abstract

Developers have to ensure that their systems meet certain security requirements. Structured argumentation can be a powerful tool for developers to deal with system behavior, vulnerabilities, and threats. Haley's framework is based on construction of a context for the system, representing security requirements as constraints, and developing satisfaction arguments for the security requirements. Incomplete and uncertain information and limited resources force the developers to settle for good-enough security. Risk assessment in Security Argumentation (RISA) extends Haley's method with risk assessment. RISA uses publicly available catalogs of security expertise and most common attack patterns to support risk assessment. These catalogs provide valuable information to the assessment process and help the developers identify mitigations for security requirements satisfaction. RISA developers stated the most pressing issue of their future work is the validation of RISA. In previous studies, no validation of RISA framework has been done on a complex system. Hence, this work evaluates RISA framework by applying it to the security requirements analysis of the address generation module of the decentralized, peer-to-peer communication protocol Bit Message. In addition, based on this analysis, we suggest a new set of requirements to improve the security of the current Bit Message client version.

Original languageBritish English
Title of host publicationProceedings - 2014 IEEE International Conference on Internet of Things, iThings 2014, 2014 IEEE International Conference on Green Computing and Communications, GreenCom 2014 and 2014 IEEE International Conference on Cyber-Physical-Social Computing, CPS 2014
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages408-414
Number of pages7
ISBN (Electronic)9781479959679
DOIs
StatePublished - 12 Mar 2014
Event2014 IEEE International Conference on Internet of Things, iThings 2014, Collocated with 2014 IEEE International Conference on Cyber, Physical and Social Computing, CPSCom 2014 and 2014 IEEE International Conference on Green Computing and Communications, GreenCom 2014 - Taipei, Taiwan, Province of China
Duration: 1 Sep 20143 Sep 2014

Publication series

NameProceedings - 2014 IEEE International Conference on Internet of Things, iThings 2014, 2014 IEEE International Conference on Green Computing and Communications, GreenCom 2014 and 2014 IEEE International Conference on Cyber-Physical-Social Computing, CPS 2014

Conference

Conference2014 IEEE International Conference on Internet of Things, iThings 2014, Collocated with 2014 IEEE International Conference on Cyber, Physical and Social Computing, CPSCom 2014 and 2014 IEEE International Conference on Green Computing and Communications, GreenCom 2014
Country/TerritoryTaiwan, Province of China
CityTaipei
Period1/09/143/09/14

Keywords

  • Requirements engineering
  • Risk-based argumentation
  • Security requirements

Fingerprint

Dive into the research topics of 'Argumentation-based security requirements analysis: Bitmessage case study'. Together they form a unique fingerprint.

Cite this