International Symposium on Security Requirements Engineering in Tokyo

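Organizer: NII Center for Global Research in Advanced Software Science and Engineering (GRACE Center)
In cooperation with: Information Processing Society of Japan, Special Interest Group on Software Engineering
Date and time: Monday, June 9, 2008, 13:00-17:15
Venue: National Institute of Informatics (NII), 12th-floor conference room (map)
Admission: Free
Contact: GRACE Event Desk (event-info _AT_ grace-center.jp)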

Programme:
13:00-13:30: Opening and Introduction to GRACE and SSE Project

presentation slides: GRACE Center and Research, Introduction to SSE Project, Introduction to our research activity
13:30-14:20: Title: Requirements Engineering for Improved Systems Security

Speaker: Nancy R. Mead, SEI, USA
presentation slides
14:20-15:10: Title: Towards Quantitative Goal Modelling of Security Requirements

Speaker: Emmanuel Letier, University College of London, UK
presentation slides
15:10-16:00: Title: Engineering Secure Software Systems through Social Analysis

Speaker: Lin Liu, Tsinghua University, China
Presentation slides are available only to attendees. Please contact us.

16:15-17:15 Panel Discussion: Future Challenges of Security Requirements

Chair: Bashar Nuseibeh, Open University, UK
Panelists:

Nancy R. Mead, SEI, USA
Emmanuel Letier, University College of London, UK
Lin Liu, Tsinghua University, China
Nobukazu Yoshioka, NII, Japan
Yasuyuki Tahara, The University of Electro-Communications, Japan
Shuichiro Yamamoto, NTT Data, Japan
Presentation slides are available only to attendees. Please contact us.

——————————————————————————–

Detailed information
Title: Requirements Engineering for Improved Systems Security
Speaker: Nancy R. Mead, SEI, USA

Abstract:

It is well recognized in industry that requirements engineering is critical to the success of any major development project. Security requirements, however, tend to be developed independently of the rest of the requirements engineering activity. As a result, security requirements that are specific to the system and that provide for protection of essential services and assets are often neglected. Through the SQUARE project, CERT researchers have developed an end-to-end process for security requirements engineering to help organizations build security into the early stages of the production life cycle. The SQUARE methodology consists of nine steps that generate a final deliverable of categorized and prioritized security requirements. The process has been baselined and several case studies with real-world clients have shown that the methodology holds good promise for incorporation into industry practice. CERT has prototyped a computer-aided software engineering (CASE) tool to support each stage of the SQUARE process.

Biography:

Nancy R. Mead is a senior member of the technical staff in the Networked Systems Survivability Program at the Software Engineering Institute (SEI). The CERT Coordination Center is a part of this program. Mead is also a faculty member in the Master of Software Engineering and Master of Information Systems Management programs at Carnegie Mellon University. She is currently involved in the study of secure systems engineering and the development of professional infrastructure for software engineers. She also served as director of education for the SEI from 1991 to 1994. Her research interests are in the areas of information security, software requirements engineering, and software architectures. Mead has more than 100 publications and invited presentations, and has a biographical citation in Who's Who in America. She is a Fellow of the Institute of Electrical and Electronic Engineers, Inc. (IEEE) and the IEEE Computer Society and is also a member of the Association for Computing Machinery (ACM). Mead is a member of numerous advisory boards and committees. Dr. Mead received her PhD in mathematics from the Polytechnic Institute of New York, and received a BA and an MS in mathematics from New York University.

Title: Towards Quantitative Goal Modelling of Security Requirements
Speaker: Emmanuel Letier, University College of London, UK

Abstract:

Security goals can generally not be satisfied in an absolute sense. They are often conflicting with other important concerns such as usability, cost, and performance, so that the amount of security provided by the system must be balanced against the satisfaction of other goals. Various qualitative and quantitative frameworks have been proposed to support reasoning about partial goal satisfaction in order to guide such tradeoffs. In general they lead to limited conclusions due to the lack of accuracy and measurability of goal formulations and contribution links. During this talk, we will present a framework for specifying partial degrees of goal satisfaction in a precise and measurable way, and for quantifying the impact of alternative system designs on the degree of goal satisfaction. The approach consists in enriching goal refinement models with a probabilistic layer for reasoning about partial satisfaction. We will explore the possibility of applying this framework to security goals. Excerpts from an industrial case study involving the elaboration of requirements for a financial fraud detection system will be used to illustrate the techniques and issues involved.

Biography:

Emmanuel Letier is lecturer and programme director for the MSc in Software Systems Engineering in the Department of Computer Science, University College London. His research interests are in systems requirements engineering, formal specification, and software design. http://www.cs.ucl.ac.uk/staff/e.letier/

Title: Engineering Secure Software Systems through Social Analysis
Speaker: Lin Liu, Tsinghua University, China

Abstract:

Engineering secure software systems requires a thorough understanding of the social setting within which the system-to-be will eventually operate. To obtain such an understanding, one needs to identify the players involved in the system’s operation, recognizing their personal preferences, agendas and powers in relation to other players. The analysis also needs to identify assets that need to be protected, as well as vulnerabilities where the system may fail when attacked. Equally important, the analyst needs to take rational steps to predict most likely attackers, knowing their possible motivations, and capabilities enabled by latest technologies and available resources. Only an integrated social analysis of both sides (attackers/protectors) can reveal the full space of tradeoffs among which the analyst must choose. Unfortunately, current system development practices treat design decisions on security in an ad-hoc way, often as an afterthought. During this talk, I will introduce a methodological framework based on i*, for dealing with security and privacy requirements. The framework supports a set of analysis techniques. In particular, attacker analysis helps identify potential system abusers and their malicious intents. Dependency vulnerability analysis helps detect vulnerabilities in terms of organizational relationships among stakeholders. Countermeasure analysis supports the dynamic decision-making process of defensive system players in addressing vulnerabilities and threats. Finally, access control analysis bridges the gap between security requirement models and security implementation models. The framework will be illustrated with example case studies. In addition, we discuss model evaluation techniques, including qualitative goal model analysis and property verification techniques based on model checking.

Biography:

Lin Liu is associate professor at the School of Software, Tsinghua University, Beijing, China. She received her Ph.D. in Computer Science from the Chinese Academy of Sciences. Her interests are in the areas of requirements engineering, knowledge management, software engineering, and service sciences. Her research emphasizes concepts and techniques for modelling and systematically analyzing social actors, and building intelligent software agents that can reason and learn.
