Quantifying Satisfaction of Security Requirements of Cloud Software Systems
التاريخ
2023المؤلف
Nhlabatsi, ArmstrongKhan, Khaled MD
Hong, Jin B.
Kim, Dong Seong
Fernandez, Rachael
Fetais, Noora
...show more authors ...show less authors
البيانات الوصفية
عرض كامل للتسجيلةالملخص
The satisfaction of a software requirement is commonly stated as a Boolean value, that is, a security requirement is either satisfied (true) or not (false). However, a discrete Boolean value to measure the satisfaction level of a security requirement by deployed mechanisms is not very useful. Rather, it would be more effective if we could quantify the level of satisfaction of security requirements on a continuous scale. We propose an approach to achieve this for cloud software systems based on relationships between defense strength, exploitability of vulnerabilities, and attack severity. We extend the concept of entailment relationship from the field of requirements engineering with the satisfiability aspects of security requirements. The proposed approach enables us to systematically structure security concepts into three sets of related descriptions to quantify the satisfaction level of security requirements with the deployed security solutions. To demonstrate the feasibility of the proposed approach, we evaluate the approach in a case study. As a result, security administrators are able to deploy more effective and appropriate security solutions based on their assessment.
المجموعات
- علوم وهندسة الحاسب [2402 items ]
- الشبكات وخدمات البنية التحتية للمعلومات والبيانات [70 items ]