Presentation is loading. Please wait.

Presentation is loading. Please wait.

TRUST TRADE-OFF ANALYSIS FOR SECURITY REQUIREMENTS ENGINEERING Authors: Golnaz Elahi, PhD student at the University of Toronto, Canada Eric Yu, full professor.

Published byLouisa Edwards Modified over 9 years ago

Similar presentations

Presentation on theme: "TRUST TRADE-OFF ANALYSIS FOR SECURITY REQUIREMENTS ENGINEERING Authors: Golnaz Elahi, PhD student at the University of Toronto, Canada Eric Yu, full professor."— Presentation transcript:

1 TRUST TRADE-OFF ANALYSIS FOR SECURITY REQUIREMENTS ENGINEERING Authors: Golnaz Elahi, PhD student at the University of Toronto, Canada Eric Yu, full professor at the University of Toronto, Canada Presenter: Bas Vlug

2 About the method Seven step agent- and goal-oriented method for analyzing security requirements 1. Identify actors and actors’ dependencies 2. Model and refine actors’ goals 3. Discover and model trust relationships in the dependency chain 4. Recording trust rationale 5. Replace the trustee party with a corresponding malicious party 6. Model and analyze vulnerabilities 7. Analyze the trust trade-offs Provides the capability to analyze potential malicious behavior of trustee parties

3 Process- Deliverable Diagram

4 Example Imagine: an organization wants to make a back-up Alternative: store back-up in the cloud!

5 Step 1: Identify actors & dependencies

6 Step 2: Model & refine goals

7

8

9 Step 3: Model trust relationships Step 4: Record trust rationale &

10 &

11 &

12 Step 5: Model malicious party

13

14 Step 6: Model vulnerabilities

15

16 Intermezzo: Create models for other alternatives! Store back-up locally? Don’t make a back-up at all?

17 Step 7: Analyze trust trade-offs

18 AlternativeGoal 1Goal 2Goal 3Goal 4Goal 5 Alternative 1PSFSPDFSPS Alternative 1 counterpart FDPDFDPD Alternative nFSPSFDFS Alternative n counterpart PD FD

19 Related literature - positioning Agent-oriented modelling notations i* Goal-oriented Requirements Language (GRL) Eric Yu’s seminal proposal Trust trade-off analysis for security requirements engineering TROPOS … (Ayala, C., Cares, C., Carvallo, J., Franch, X., Grau, G., Haya, M., Mayol, E., Quer, C., Salazar, G. (2005). A Comparative Analysis of i*-Based Agent-Oriented Modeling Languages. Proceedings of 17th International Conference on Software Engineering and Knowledge Engineering, Taipei, Taiwan, 43-50. )

20 Related literature – contribution Cited 9 times 4x self citation Used for: Even Swaps decision analysis Method that could be used when choosing an alternative from the trust trade-off table Not part of the method itself.

21 Questions?

Download ppt "TRUST TRADE-OFF ANALYSIS FOR SECURITY REQUIREMENTS ENGINEERING Authors: Golnaz Elahi, PhD student at the University of Toronto, Canada Eric Yu, full professor."

Similar presentations

As You Begin Your Research … Diljit Singh. Preparing for the Journey.

As You Begin Your Research … Diljit Singh. Preparing for the Journey.
The Role of a Registry Certificate Authority Some Steps towards Improving the Resiliency of the Internet Routing System: The Role of a Registry Certificate.

The Role of a Registry Certificate Authority Some Steps towards Improving the Resiliency of the Internet Routing System: The Role of a Registry Certificate.
1 GRL Introduction Lin Liu University of Toronto April 2001.

1 GRL Introduction Lin Liu University of Toronto April 2001.
Centralize or Decentralize? A Requirements Engineering Perspective on Internet-Scale Architectures Eric Yu University of Toronto July 2000.

Centralize or Decentralize? A Requirements Engineering Perspective on Internet-Scale Architectures Eric Yu University of Toronto July 2000.
<<Date>><<SDLC Phase>>

<<Date>><<SDLC Phase>>
The Security Analysis Process University of Sunderland CIT304 Harry R. Erwin, PhD.

The Security Analysis Process University of Sunderland CIT304 Harry R. Erwin, PhD.
© Eric Yu 2001 1 Agenda Session 1 – Introduction December 13, 14:30-16:30 Motivations Basic concepts –The Strategic Dependency Model –The Strategic Rationale.

© Eric Yu Agenda Session 1 – Introduction December 13, 14:30-16:30 Motivations Basic concepts –The Strategic Dependency Model –The Strategic Rationale.
Shou Ray Information Service Co., Ltd.

Shou Ray Information Service Co., Ltd.
University of Toronto Department of Computer Science © 2004-5 Steve Easterbrook. This presentation is available free for non-commercial use with attribution.

University of Toronto Department of Computer Science © Steve Easterbrook. This presentation is available free for non-commercial use with attribution.
Projects 2011. Key dates 16.12 lists of suggested projects published * *You are highly encouraged to choose a project yourself or find a relevant project.

Projects Key dates lists of suggested projects published * *You are highly encouraged to choose a project yourself or find a relevant project.
CSCI928 Software Engineering Requirements & Specifications Modeling System Interactions Tri A. Kurniawan, M.Eng. Ph.D Candidate

CSCI928 Software Engineering Requirements & Specifications Modeling System Interactions Tri A. Kurniawan, M.Eng. Ph.D Candidate
Chapter 1 Assuming the Role of the Systems Analyst

Chapter 1 Assuming the Role of the Systems Analyst
UAMS Department of Biochemistry and Molecular Biology

UAMS Department of Biochemistry and Molecular Biology
Analyzing Goal Models – Different Approaches and How to Choose Among Them Jennifer Horkoff 1 Eric Yu 2 1 Department of Computer Science 2 Faculty of Information.

Analyzing Goal Models – Different Approaches and How to Choose Among Them Jennifer Horkoff 1 Eric Yu 2 1 Department of Computer Science 2 Faculty of Information.
Evaluating Goal Achievement in Enterprise Modeling – An Interactive Procedure and Experiences Jennifer Horkoff 1 Eric Yu 2 1 Department of Computer Science,

Evaluating Goal Achievement in Enterprise Modeling – An Interactive Procedure and Experiences Jennifer Horkoff 1 Eric Yu 2 1 Department of Computer Science,
Jerry KotubaSYST39409-Object Oriented Methodologies1 Object Oriented Methodologies Week04.

Jerry KotubaSYST39409-Object Oriented Methodologies1 Object Oriented Methodologies Week04.
R EFLECTIVE A NALYSIS OF THE S YNTAX AND S EMANTICS OF THE i* F RAMEWORK Jennifer Horkoff, Golnaz Elahi, Samer Abdulhadi, Eric Yu Department of Computer.

R EFLECTIVE A NALYSIS OF THE S YNTAX AND S EMANTICS OF THE i* F RAMEWORK Jennifer Horkoff, Golnaz Elahi, Samer Abdulhadi, Eric Yu Department of Computer.
SecureTropos ST-Tool A CASE tool for security-aware software requirements analysis Departement of Information and Communication Technology – University.

SecureTropos ST-Tool A CASE tool for security-aware software requirements analysis Departement of Information and Communication Technology – University.
TC Methodology Massimo Cossentino (Italian National Research Council) Radovan Cervenka (Whitestein Technologies)

TC Methodology Massimo Cossentino (Italian National Research Council) Radovan Cervenka (Whitestein Technologies)
TOWARDS ADVANCED GOAL MODEL ANALYSIS WITH JUCMNAV Daniel Amyot, Azalia Shamsaei, Jason Kealey, Etienne Tremblay, Andrew Miga, Gunter Mussbacher, and Mohammad.

TOWARDS ADVANCED GOAL MODEL ANALYSIS WITH JUCMNAV Daniel Amyot, Azalia Shamsaei, Jason Kealey, Etienne Tremblay, Andrew Miga, Gunter Mussbacher, and Mohammad.

Similar presentations

Ads by Google