Syntactic and Semantic Extensions to Secure Tropos to Support Security Risk Management

Research output: Contribution to journalArticle

Abstract

The need to consider security from the early stages of the development process of information systems has been argued by academics and industrialists alike, and security risk management has been recognised as one of the most prominent techniques for eliciting security requirements. However, although existing security modelling languages provide some means to model security aspects, they do not contain concrete constructs to address vulnerable system assets, their risks, and risk treatments. Furthermore, security languages do not provide a crosscutting viewpoint relating all three - assets, risks and risk treatments - together. This is problematic since, for a security analyst, it is difficult to detect what the potential security flaws could be, and how they need to be fixed. In this paper, we extend the Secure Tropos language, an agent and goal-oriented security modelling language to support modelling of security risks. Based on previous work, where we had observed some inadequacies of this language to modelsecurity risks, this paper suggests improvements of Secure Tropos semantics and syntax. On the syntax level we extend the concrete and abstract syntax of the language, so that it covers the security risk management domain. On the semantic level, we illustrate how language constructs need to be improved to address the three different levels of security risk management. The suggested improvements are illustrated with the aid of a running example, called eSAP, from the healthcare domain.
Original languageEnglish
Pages (from-to)816-844
Number of pages29
JournalJournal of Universal Computer Science
Issue number6
Publication statusPublished - 1 Jan 2012

Fingerprint

Risk Management
Syntactics
Risk management
Semantics
Modeling Language
Syntax
Information systems
Concretes
Alike
Security Model
Defects
Development Process
Healthcare
Information Systems
Language
Cover

Keywords

  • syntax and semantics of modelling language
  • secure tropos
  • risk management
  • information system
  • security

Cite this

@article{f449c19a2b2f4f87aa7b04474bebda7f,
title = "Syntactic and Semantic Extensions to Secure Tropos to Support Security Risk Management",
abstract = "The need to consider security from the early stages of the development process of information systems has been argued by academics and industrialists alike, and security risk management has been recognised as one of the most prominent techniques for eliciting security requirements. However, although existing security modelling languages provide some means to model security aspects, they do not contain concrete constructs to address vulnerable system assets, their risks, and risk treatments. Furthermore, security languages do not provide a crosscutting viewpoint relating all three - assets, risks and risk treatments - together. This is problematic since, for a security analyst, it is difficult to detect what the potential security flaws could be, and how they need to be fixed. In this paper, we extend the Secure Tropos language, an agent and goal-oriented security modelling language to support modelling of security risks. Based on previous work, where we had observed some inadequacies of this language to modelsecurity risks, this paper suggests improvements of Secure Tropos semantics and syntax. On the syntax level we extend the concrete and abstract syntax of the language, so that it covers the security risk management domain. On the semantic level, we illustrate how language constructs need to be improved to address the three different levels of security risk management. The suggested improvements are illustrated with the aid of a running example, called eSAP, from the healthcare domain.",
keywords = "syntax and semantics of modelling language, secure tropos, risk management, information system, security",
author = "Raimundas Matulevicius and Haralambos Mouratidis and Nicolas Mayer and Eric Dubois and Patrick Heymans",
year = "2012",
month = "1",
day = "1",
language = "English",
pages = "816--844",
journal = "Journal of Universal Computer Science",
issn = "0948-6968",
publisher = "Springer Verlag",
number = "6",

}

TY - JOUR

T1 - Syntactic and Semantic Extensions to Secure Tropos to Support Security Risk Management

AU - Matulevicius, Raimundas

AU - Mouratidis, Haralambos

AU - Mayer, Nicolas

AU - Dubois, Eric

AU - Heymans, Patrick

PY - 2012/1/1

Y1 - 2012/1/1

N2 - The need to consider security from the early stages of the development process of information systems has been argued by academics and industrialists alike, and security risk management has been recognised as one of the most prominent techniques for eliciting security requirements. However, although existing security modelling languages provide some means to model security aspects, they do not contain concrete constructs to address vulnerable system assets, their risks, and risk treatments. Furthermore, security languages do not provide a crosscutting viewpoint relating all three - assets, risks and risk treatments - together. This is problematic since, for a security analyst, it is difficult to detect what the potential security flaws could be, and how they need to be fixed. In this paper, we extend the Secure Tropos language, an agent and goal-oriented security modelling language to support modelling of security risks. Based on previous work, where we had observed some inadequacies of this language to modelsecurity risks, this paper suggests improvements of Secure Tropos semantics and syntax. On the syntax level we extend the concrete and abstract syntax of the language, so that it covers the security risk management domain. On the semantic level, we illustrate how language constructs need to be improved to address the three different levels of security risk management. The suggested improvements are illustrated with the aid of a running example, called eSAP, from the healthcare domain.

AB - The need to consider security from the early stages of the development process of information systems has been argued by academics and industrialists alike, and security risk management has been recognised as one of the most prominent techniques for eliciting security requirements. However, although existing security modelling languages provide some means to model security aspects, they do not contain concrete constructs to address vulnerable system assets, their risks, and risk treatments. Furthermore, security languages do not provide a crosscutting viewpoint relating all three - assets, risks and risk treatments - together. This is problematic since, for a security analyst, it is difficult to detect what the potential security flaws could be, and how they need to be fixed. In this paper, we extend the Secure Tropos language, an agent and goal-oriented security modelling language to support modelling of security risks. Based on previous work, where we had observed some inadequacies of this language to modelsecurity risks, this paper suggests improvements of Secure Tropos semantics and syntax. On the syntax level we extend the concrete and abstract syntax of the language, so that it covers the security risk management domain. On the semantic level, we illustrate how language constructs need to be improved to address the three different levels of security risk management. The suggested improvements are illustrated with the aid of a running example, called eSAP, from the healthcare domain.

KW - syntax and semantics of modelling language

KW - secure tropos

KW - risk management

KW - information system

KW - security

M3 - Article

SP - 816

EP - 844

JO - Journal of Universal Computer Science

JF - Journal of Universal Computer Science

SN - 0948-6968

IS - 6

ER -