Goal-driven risk assessment in requirements engineering

Asnar, Yudistira; Giorgini, Paolo; Mylopoulos, John

doi:10.1007/s00766-010-0112-x

Cited by 92 publications

(88 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In addition, there is a line of research in the area of security risk assessment [29][30][31] where there is identification, assessment, and mitigation of risks to security mechanisms that will endanger the satisfaction of security requirements. However, the risk are investigated in isolation with limited support for cost/benefit trade-off analysis.…”

Section: Related Workmentioning

confidence: 99%

Selecting Security Mechanisms in Secure Tropos

Pavlidis

Mouratidis

Panaousis

et al. 2017

Trust, Privacy and Security in Digital Business

View full text Add to dashboard Cite

Abstract. As security is a growing concern for modern information systems, Security Requirements Engineering has been developed as a very active area of research. A large body of work deals with elicitation, modelling, analysis, and reasoning about security requirements. However, there is little evidence of efforts to align security requirements with security mechanisms. This paper extends the Secure Tropos methodology to enable a clear alignment, between security requirements and security mechanisms, and a reasoning technique to optimise the selection of security mechanisms based on these security requirements and a set of other factors. The extending Secure Tropos supports modelling and analysis of security mechanisms; defines mathematically relevant modelling concepts to support a formal analysis; and defines and solves an optimisation problem to derive optimal sets of security mechanisms. We demonstrate the applicability of our work with the aid of a case study from the health care domain.

show abstract

Section: Related Workmentioning

confidence: 99%

Selecting Security Mechanisms in Secure Tropos

Pavlidis

Mouratidis

Panaousis

et al. 2017

Trust, Privacy and Security in Digital Business

View full text Add to dashboard Cite

show abstract

“…It is obtained from a simplication of the approach proposed in [19], following the path started in [20]. In [19], authors present a model for risk assessment where three layers are depicted: a goal layer where the goals and their relations are described, an event layer where events that can impact over the goals are described, and a treatment layer where a set of actions and their ability to mitigate the eect of events are modeled. In [20], the authors apply the model to a dierent eld, by focusing on eciency and QoS in data centers, focusing on the event layer.…”

Section: A Goal-oriented Model For Green Data Centersmentioning

confidence: 99%

Learning a goal-oriented model for energy efficient adaptive applications in data centers

Vitali

Pernici

O’Reilly

2015

Information Sciences

View full text Add to dashboard Cite

This work has been motivated by the growing demand of energy coming from the Information Technology (IT) sector. We propose a goal-oriented approach where the state of the system is assessed using a set of indicators.These indicators are evaluated against thresholds that are used as goals of our system. We propose a self-adaptive context-aware framework, where we learn both the relations existing between the indicators and the eect of the available actions over the indicators state. The system is also able to respond to changes in the environment, keeping these relations updated to the current situation. Results have shown that the proposed methodology is able to create a network of relations between indicators and to propose an eective set of repair actions to contrast suboptimal states of the data center. The proposed framework is an important tool for assisting the system administrator in the management of a data center oriented towards Energy Eciency (EE), showing him the connections occurring between the sometimes contrasting goals of the system and suggesting the most likely successful repair action(s) to improve the system state, both in terms of EE and Quality of Service (QoS).

show abstract

“…For risk identification, scenario-based heuristics are available [2,29] as well as goal-oriented formal techniques [1,14]. For risk assessment, various kinds of quantitative techniques are available [3,5,8,25]. For risk control, the only work on countermeasure exploration is [14] where the obstacle resolution tactics mentioned in this paper are described.…”

Section: Related Workmentioning

confidence: 99%

“…They often arise from a natural inclination to believe that the software and its environment will always behave as expected; no requirements are engineered for cases where this optimistic assumption does not hold. Requirements completeness therefore calls for putting risk analysis at the heart of the RE process [2,3,5,8,13,14,20].…”

Section: Introductionmentioning

confidence: 99%

Integrating exception handling in goal models

Cailliau

Lamsweerde

2014

2014 IEEE 22nd International Requirements Engineering Conference (RE)

View full text Add to dashboard Cite

Missing requirements are known to be among the major sources of software failure. Incompleteness often results from poor anticipation of what could go wrong with an over-ideal system. Obstacle analysis is a model-based, goalanchored form of risk analysis aimed at identifying, assessing and resolving exceptional conditions that may obstruct the behavioral goals of the target system. The obstacle resolution step is obviously crucial as it should result in more adequate and more complete requirements. In contrast with obstacle identification and assessment, however, this step has little support beyond a palette of resolution operators encoding tactics for producing isolated countermeasures to single risks. In particular, there is no single clue to date as to where and how such countermeasures should be integrated within a more robust goal model. To address this problem, the paper describes a systematic technique for integrating obstacle resolutions as countermeasure goals into goal mod... Obstacle analysis is a model-based, goal-anchored form of risk analysis aimed at identifying, assessing and resolving exceptional conditions that may obstruct the behavioral goals of the target system. The obstacle resolution step is obviously crucial as it should result in more adequate and more complete requirements. In contrast with obstacle identification and assessment, however, this step has little support beyond a palette of resolution operators encoding tactics for producing isolated countermeasures to single risks. In particular, there is no single clue to date as to where and how such countermeasures should be integrated within a more robust goal model. To address this problem, the paper describes a systematic technique for integrating obstacle resolutions as countermeasure goals into goal models. The technique is shown to guarantee progress towards a complete goal model; it preserves the correctness of refinements in the overall model; and keeps the original, ideal model visible to avoid cluttering the latter with a combinatorial blow-up of exceptional cases. To allow for this, the goal specification language is slightly extended in order to capture exceptions to goals seperately and distinguish normal situations from exceptional ones. The proposed technique is evaluated on a non-trivial ambulance dispatching system.

show abstract

Goal-driven risk assessment in requirements engineering

Cited by 92 publications

References 29 publications

Selecting Security Mechanisms in Secure Tropos

Selecting Security Mechanisms in Secure Tropos

Learning a goal-oriented model for energy efficient adaptive applications in data centers

Integrating exception handling in goal models

Contact Info

Product

Resources

About