D.3.3 ALGORITHMS FOR INCREMENTAL ... - SecureChange
D.3.3 ALGORITHMS FOR INCREMENTAL ... - SecureChange
D.3.3 ALGORITHMS FOR INCREMENTAL ... - SecureChange
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
3 Orchestrating Requirements and Risk<br />
Assessment processes<br />
Changing requirements might give rise to potential security risks that in turn require<br />
some treatments to ensure and maintain an acceptable security risk level. Or treatment<br />
options that result from risk assessment may lead to new security requirements that<br />
should be included in the requirement model. Moreover, the requirement changes may<br />
involve new assets the risk level of which needs to be assessed. Thus, there is the<br />
need to trace changes to security knowledge such as assets, attacks and treatments to<br />
stakeholders' goals and security requirements and vice versa.<br />
Current industrial software/system engineering processes are supported by artifacts<br />
(documents, models, data bases) that are disjoint and cannot be fully integrated for a<br />
variety of reasons (separate engineering domains, outsourcing, confidentiality, etc.).<br />
Thus, the collaboration between risk analyst and requirement analyst in such<br />
processes is sometimes difficult, especially when a change occurs and they have to<br />
interact to keep the risk and the requirement models mutually consistent under change.<br />
The papers in Appendix A and B propose a possible solution to change propagation<br />
that is based on the orchestration of the requirement engineering and risk assessment<br />
processes. The orchestration relies upon mappings between key concepts of the<br />
requirement and the risk conceptual models.<br />
In section 3.1, weinstantiate the requirement and risk conceptual models, to SI* and<br />
CORAS respectively. However, alternative approaches to requirement engineering and<br />
risk analysis with similar underlying conceptual frameworks can be orchestrated by<br />
following the same approach. Indeed, the concepts that are mapped in the former --<br />
such as goal, resource, and task -- are in common to other goal-oriented approaches<br />
to requirement engineering. The same holds for asset and treatments that are key<br />
concepts in other risk analysis approaches. In section 3.2 we show that the same<br />
approach can be applied to SI* and Security DSML [19], which is a language and a tool<br />
developed to conduct security risk analysis in industry.<br />
In section 3.3 we also illustrate how argumentation analysis can be orchestrated with<br />
risk assessment.<br />
3.1 Orchestrating SI* and CORAS concepts and<br />
processes<br />
We have mapped concepts in SI* and CORAS that are used to represent assets that<br />
are critical for the achievement of organization's strategic objectives, and means to<br />
protect assets in a cost-effective manner. We have identified three conceptual<br />
mappings: ServiceToAsset, ServiceToTreatment and TreatmentToTask.<br />
• ServiceToAsset. A service that is linked to a soft goal by a “protects” relation<br />
which denotes a resource, a task or a goal that is of value for the organization<br />
and thus needs to be protected from harm. Since in CORAS, an asset is<br />
<strong>D.3.3</strong> Algorithms for Incremental Requirements Models<br />
Evaluation and Transformation| version 1.19 | page 11/136