Cost-Benefit Trade-Off Analysis Using BBN for Aspect-Oriented Risk-Driven Development

Authors:
Geri Georg;James Bieman;Jan Jurjens
Affiliations:
Colorado State University;Colorado State University;Technical University of Munich
Venue:
ICECCS '05 Proceedings of the 10th IEEE International Conference on Engineering of Complex Computer Systems
Year:
2005

Citing 0
Cited 9

Security Analysis of a Biometric Authentication System Using UMLsec and JML

MODELS '09 Proceedings of the 12th International Conference on Model Driven Engineering Languages and Systems
Quantifying security risk level from CVSS estimates of frequency and impact

Journal of Systems and Software
Towards the secure modelling of OLAP users behaviour

SDM'10 Proceedings of the 7th VLDB conference on Secure data management
Trust-based security level evaluation using Bayesian belief networks

Transactions on computational science X
Appraisal and reporting of security assurance at operational systems level

Journal of Systems and Software
Aspect-Oriented risk driven development of secure applications

DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Estimating the relative trustworthiness of information sources in security solution evaluation

iTrust'06 Proceedings of the 4th international conference on Trust Management
Directives for composing aspect-oriented design class models

Transactions on Aspect-Oriented Software Development I
Threat and Risk-Driven Security Requirements Engineering

International Journal of Mobile Computing and Multimedia Communications

Quantified Score

Hi-index	0.02

Visualization

Abstract

Security critical systems must perform at the required security level, make effective use of available resources, and meet end-users expectations. Balancing these needs, and at the same time fulfilling budget and time-to-market constraints, requires developers to design and evaluate alternative security treatment strategies. In this paper, we present a development framework that utilizes Bayesian Belief Networks (BBN) and Aspect-Oriented Modeling (AOM) for a cost-benefit trade-off analysis of treatment strategies. AOM allows developers to model pervasive security treatments separately from other system functionality. This ease the trade-off by making it possible to swap treatment strategies in and out when computing Return on Security Investments (RoSI). The trade-off analysis is implemented using BBN, and RoSI is computed by estimating a set of variables describing properties of a treatment strategy. RoSI for each treatment strategy is then used as input to choice of design.