Towards a more systematic approach to secure systems design and analysis
Miller, Simon; Appleby, Susan; Garibaldi, Jonathan M.; Aickelin, Uwe
Abstract
The task of designing secure software systems is fraught with uncertainty, as data on uncommon attacks is limited, costs are difficult to estimate, and technology and tools are continually changing. Consequently, experts may interpret the security risks posed to a system in different ways, leading to variation in assessment. This paper presents research into measuring the variability in decision making between security professionals, with the ultimate goal of improving the quality of security advice given to software system designers. A set of thirty-nine cyber-security experts took part in an exercise in which they independently assessed a realistic system scenario. This study quantifies agreement in the opinions of experts, examines methods of aggregating opinions, and produces an assessment of attacks from ratings of their components. We show that when aggregated, a coherent consensus view of security emerges which can be used to inform decisions made during systems design.
Citation
Miller, S., Appleby, S., Garibaldi, J. M., & Aickelin, U. (2013). Towards a more systematic approach to secure systems design and analysis. International Journal of Secure Software Engineering, 4(1), https://doi.org/10.4018/jsse.2013010102
| Field | Value |
|---|---|
| Journal Article Type | Article |
| Publication Date | Jan 1, 2013 |
| Deposit Date | Sep 30, 2014 |
| Publicly Available Date | Sep 30, 2014 |
| Journal | International Journal of Secure Software Engineering |
| Print ISSN | 1947-3036 |
| Electronic ISSN | 1947-3044 |
| Publisher | IGI Global |
| Peer Reviewed | Peer Reviewed |
| Volume | 4 |
| Issue | 1 |
| DOI | https://doi.org/10.4018/jsse.2013010102 |
| Keywords | Digital, Economy |
| Public URL | https://nottingham-repository.worktribe.com/output/1003091 |
| Publisher URL | http://www.igi-global.com/article/towards-more-systematic-approach-secure/76353 |
Files
aickelin_permission_signed.pdf
(2.7 Mb)
PDF