
Structuring Knowledge for a Security Trade-offs Knowledge Base





Presentation Transcript


    1. Structuring Knowledge for a Security Trade-offs Knowledge Base. Golnaz Elahi, Department of Computer Science; Eric Yu, Faculty of Information Studies; University of Toronto

    2. Strategic Dependencies among Actors

    3. Modelling Strategic Actor Relationships and Rationales: the i* modelling framework. Strategic actors:
       - have goals, beliefs, abilities and commitments
       - are semi-autonomous: freedom of action, constrained by relationships with others
       - are not fully knowable or controllable
       - have knowledge to guide action, but only partially explicit
       - depend on each other for goals to be achieved, tasks to be performed and resources to be furnished

    4. Strategic Rationales: about alternative configurations of relationships with other actors. Why? How? How else?

    5. i* Evaluation Procedure: semi-automatable propagation of qualitative evaluation labels, using evaluation guidelines and human judgment.

    6. Security Trade-offs Modeling and Analysis using i*

    7. Structuring Knowledge for a Security Trade-offs Knowledge Base: A Goal-Oriented Approach

    8. Problems

    9. Security Knowledge Sources: textbooks, guidelines, standards, checklists, documentation from past projects, security design patterns, structured catalogues and knowledge bases. (Go directly to the schema)

    10. Structuring Knowledge: excerpt from the NIST 800-36 guidelines

    11. Motivations and Questions

    12. Analyzing the Structure of the Knowledge in the NIST 800-36 Guidelines. Trade-offs are expressed explicitly by capturing the contributions and side effects of each alternative. Points missing from the source are detected.

    13. The KB Schema

    14. Example of Structured Knowledge

    15. Reusable Unit of Knowledge

    16. Reusable Unit of Knowledge

    17. Reusable Unit of Knowledge

    18. Reusable Unit of Knowledge: Example

    19. Conclusion. Trade-offs between competing goals and the alternative solutions are expressed by relating the consequences of applying each alternative to the goals. The knowledge models let goal-model evaluation techniques assess goal satisfaction. During the modelling process, missing points and relationships are discovered.

    20. Limitations and Ongoing Work. The visual goal-oriented knowledge models do not scale well, which makes browsing, understanding and analyzing knowledge expressed in visual goal models difficult. To address the scalability problem:
       1. the goal-oriented knowledge structure needs to be stored in a goal-oriented text format;
       2. query languages are required to extract a fragment from a large body of knowledge;
       3. the unit of knowledge to extract from the KB needs to be defined.
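What the evaluation procedure of slide 5 and the conclusions of slides 19 and 20 amount to, as an added example written for this page and not code from the authors' work: a small knowledge base stored in a text (JSON) format, contribution links that record both the intended effect and the side effects of each alternative on competing goals, qualitative label propagation with a hook for human judgment where the guidelines alone cannot decide, and a query that pulls out the fragment of the KB relevant to one goal. The two authentication alternatives and four goals in `KB_TEXT` are constructed for illustration and are not taken from NIST SP 800-36; the label names and the per-link propagation table follow the published i* conventions, while the merge rule in `combine` and the `judgments` parameter are simplifying assumptions of this example.

```python
"""Qualitative evaluation of security trade-offs held in a text-based goal-model KB,
in the style of the i* evaluation procedure.

Added example, not the authors' tool. Label names and the per-link propagation
table follow i* conventions; the merge rule and the human-judgment hook are
simplified. The goals, alternatives and links in KB_TEXT are constructed for
illustration and are not taken from NIST SP 800-36.
"""
import json

# Qualitative labels: fully/partially satisfied, unknown, conflict, partially/fully denied.
FS, PS, U, C, PD, FD = "FS", "PS", "U", "C", "PD", "FD"
POSITIVE, NEGATIVE = {FS, PS}, {PD, FD}

# Label arriving at the target when a source label crosses one contribution link.
PROPAGATE = {
    FS: {"make": FS, "help": PS, "hurt": PD, "break": FD},
    PS: {"make": PS, "help": PS, "hurt": PD, "break": PD},
    PD: {"make": PD, "help": PD, "hurt": PS, "break": PS},
    FD: {"make": FD, "help": PD, "hurt": PS, "break": PS},
    U:  {"make": U,  "help": U,  "hurt": U,  "break": U},
    C:  {"make": C,  "help": C,  "hurt": C,  "break": C},
}

# The KB in a plain text (JSON) format. Each link records one contribution of an
# alternative (or goal) to a goal, so side effects are captured next to the
# intended contribution. Constructed content, not from NIST SP 800-36.
KB_TEXT = """
{
  "alternatives": ["password_only", "totp_2fa"],
  "goals": ["account_confidentiality", "login_usability",
            "low_deployment_cost", "secure_and_usable_login"],
  "links": [
    {"src": "password_only", "type": "hurt", "dst": "account_confidentiality"},
    {"src": "password_only", "type": "help", "dst": "login_usability"},
    {"src": "password_only", "type": "make", "dst": "low_deployment_cost"},
    {"src": "totp_2fa",      "type": "help", "dst": "account_confidentiality"},
    {"src": "totp_2fa",      "type": "hurt", "dst": "login_usability"},
    {"src": "totp_2fa",      "type": "hurt", "dst": "low_deployment_cost"},
    {"src": "account_confidentiality", "type": "help", "dst": "secure_and_usable_login"},
    {"src": "login_usability",         "type": "help", "dst": "secure_and_usable_login"}
  ]
}
"""
KB = json.loads(KB_TEXT)


def combine(incoming):
    """Guideline part of the procedure: merge the labels arriving at one goal.
    Returns (label, needs_judgment). Mixed positive and negative evidence is
    where the guidelines stop and a human analyst has to decide."""
    incoming = [l for l in incoming if l != U]
    if not incoming:
        return U, False
    if C in incoming:
        return C, True
    pos = [l for l in incoming if l in POSITIVE]
    neg = [l for l in incoming if l in NEGATIVE]
    if pos and not neg:
        return (FS if FS in pos else PS), False
    if neg and not pos:
        return (FD if FD in neg else PD), False
    return C, True


def evaluate(kb, chosen, judgments=None):
    """Label every goal given the set of chosen alternatives (chosen = FS, others = FD).
    `judgments` maps goal -> label supplied by a human where the guidelines cannot
    decide. Returns (labels, goals_still_needing_judgment)."""
    judgments = judgments or {}
    labels = {a: (FS if a in chosen else FD) for a in kb["alternatives"]}
    pending, remaining = [], set(kb["goals"])
    while remaining:
        progressed = False
        for goal in sorted(remaining):
            inbound = [l for l in kb["links"] if l["dst"] == goal]
            if any(l["src"] not in labels for l in inbound):
                continue                              # a source is not labelled yet
            arriving = [PROPAGATE[labels[l["src"]]][l["type"]] for l in inbound]
            label, needs = combine(arriving)
            if needs and goal in judgments:
                label, needs = judgments[goal], False
            if needs:
                pending.append(goal)
            labels[goal] = label
            remaining.discard(goal)
            progressed = True
        if not progressed:                            # cycle or dangling source
            raise ValueError("unresolvable goals: %s" % sorted(remaining))
    return labels, pending


def fragment(kb, goal):
    """Reusable unit of knowledge: the sources and links bearing on one goal,
    extracted from the larger KB without loading the whole visual model."""
    links = [l for l in kb["links"] if l["dst"] == goal]
    return {"goal": goal, "sources": sorted({l["src"] for l in links}), "links": links}


if __name__ == "__main__":
    for choice in ({"password_only"}, {"totp_2fa"}):
        labels, pending = evaluate(KB, choice)
        print(sorted(choice), {g: labels[g] for g in KB["goals"]}, "judgment needed:", pending)
    print(fragment(KB, "login_usability"))
```

Running the block with either alternative chosen labels the three leaf goals automatically, but the top goal `secure_and_usable_login` receives one positive and one negative label in both cases and is reported as needing judgment; that is the trade-off the KB makes explicit, and supplying `judgments={"secure_and_usable_login": "PS"}` records the analyst's decision rather than hiding it. `fragment` is the query side of slide 20: it returns only the links bearing on one goal, which is the unit a practitioner would browse instead of the whole model.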

    21. References
       [Mead 05] Mead, N. R., McGraw, G.: A portal for software security. IEEE Security & Privacy 2(4), 75-79 (2005)
       [Barnum 05] Barnum, S., McGraw, G.: Knowledge for software security. IEEE Security & Privacy 3(2), 74-78 (2005)
       [NIST 800-36] Grance, T., Stevens, M., Myers, M.: Guide to Selecting Information Technology Security Products. Recommendations of the National Institute of Standards and Technology, NIST Special Publication 800-36 (2003)
       [ER07] Elahi, G., Yu, E.: A goal oriented approach for modeling and analyzing security trade-offs. In: Proceedings of the 26th International Conference on Conceptual Modeling (ER 2007), pp. 375-390 (2007)
       [RE03] Liu, L., Yu, E., Mylopoulos, J.: Security and privacy requirements analysis within a social setting. In: IEEE Joint International Conference on Requirements Engineering (RE'03), pp. 151-161 (2003)
