Security requirement representation method for confidence of systems and networks

Hyung Jong Kim, Huy Kang Kim, Hae Young Lee

Research output: Contribution to journal, Article

1 Citation (Scopus)

Abstract

Software vulnerability is a key determiner of confidence in computer systems and networks. Usually, software requirements are listed at the beginning of software design, whereas vulnerabilities appear only after development is complete and sometimes only after the system is operational. Therefore, the security requirements during the design stage should address software vulnerabilities. This paper presents a method of representing software vulnerabilities as atomic vulnerabilities (AVs): an AV is an indivisible cause-unit of vulnerability, and a set of AVs and the relationships among them represent software vulnerabilities. The AV concept originates from system theory and modeling methodology. AVs and the relationships among them can be used to construct a behavioral model of systems and networks with a focus on vulnerability. The logical relationships among AVs are named vulnerability expressions (VXs). With all the accumulated VXs of the systems and networks, we can set security requirements that resolve or circumvent vulnerabilities effectively and reinforce confidence in system and network robustness. The contribution of this paper is to use the concepts of AV and VX to derive security requirements that take software vulnerabilities into account for secure systems and networks. The derived requirements can be used to complement the vulnerable situation caused by software that is developed without cognizance of security considerations.

Original language: English
Pages (from-to): 49-71
Number of pages: 23
Journal: International Journal of Software Engineering and Knowledge Engineering
Volume: 20
Issue number: 1
Publication status: Published - 2010 Feb

Keywords

  • Confidence of system
  • DEVS formalism
  • Network
  • Security requirement
  • Software vulnerability
  • System theory

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Computer Graphics and Computer-Aided Design
  • Artificial Intelligence
