In designing software systems, security is typically only one design objective among many. It may compete with other objectives such as functionality, usability, and performance. Too often, security mechanisms such as firewalls, access control, or encryption are adopted without explicit recognition of competing design objectives and their origins in stakeholders' interests. Recently, there has been increasing acknowledgement that security is ultimately about trade-offs. One can only aim for "good enough" security, given the competing demands from many parties. This paper investigates the criteria for a conceptual modeling technique for making security trade-offs. We examine how conceptual modeling can provide explicit and systematic support for modeling and analyzing security trade-offs. We examine several existing approaches for dealing with trade-offs in general and security trade-offs in particular. From analyzing the limitations of existing methods, we propose an extension to the i* Framework for security trade-off analysis, taking advantage of its multi-agent and goal orientation. The method was applied to several case studies used to exemplify existing approaches. The resulting models developed using different approaches are compared.