
    Evaluation Framework for Software Security Requirements Engineering Tools

    In software development, requirements are the foundation of the system, and they are also what is held responsible for failures. Wrong requirements can lead to software features that do not actually meet the specifications. For this reason, requirements elicitation is considered the most complicated and important step among all processes of the software development life cycle. Today, when cyber attacks are common, security requirements play a very important role in the software development process. A new type of tool is spreading, the use of which is considered the most effective method for developing security requirements. In addition, these tools allow users themselves to resolve security-related questions, saving engineers considerable time. However, the development of these tools is still at an early stage, and they have not been adopted on a mass scale by software engineers. The reason is the very long process of learning and adapting to new software, which causes lost time in the development process and adds cost to the project. When choosing a specific tool for a project, getting acquainted with it and trying it out can take engineers a great deal of time. In addition, an unstructured selection process can lead to adopting the wrong tool, which in turn wastes everyone's time and effort. In this study we intend to construct a structured approach that helps engineers select security tools. To support the process, analysts and architects can rate the software features they consider most important from their own point of view. Based on this, they can choose between specific tools and make the best choice. With the approach constructed in this research work it is possible to save time, effort and expense. In the course of the study we examine software development security processes, methods and tools, and try to create a framework that would help engineers evaluate security requirements tools.

    In software development, requirements are considered the building blocks of a software system, and they are also held responsible in the event of failure. Bad requirements can lead to software features that are not to the specifications. For that reason, the requirements gathering process is considered the most sensitive and complicated process among all software engineering lifecycle processes. In the current age, where cyber-attacks are common, security requirements also come into place and play a very important role in the software development process. In order to elicit security requirements, a new type of tool is beginning to take shape, called security engineering tools, which help in eliciting security requirements. This is considered to be the most efficient way of eliciting security requirements. Moreover, these tools empower users with artifacts specifically catering to security needs, which in return saves time and effort for engineers. Nevertheless, these tools are still in their infancy and lack mass adoption by software security engineers. The reason is that these tools have a steep learning curve, which can add to development time and end up pushing more cost onto the project. Deciding which tool to select for a particular project requires engineers to use these tools, which in return consumes a tremendous amount of time. Moreover, using an unstructured tool selection process can also lead to a wrong tool selection, which is a waste of time and effort. In this research work we are going to construct a structured approach which will help engineers in the security engineering tool selection process. In order to aid this process, analysts and architects will be able to rate the features they want the most in a particular security engineering tool. In return, they will be able to choose between security engineering tools and select the best one. Finally, using the approach constructed in this research work will save time, effort, and costs. In our approach we will analyze security engineering processes, methods and tools, to construct a framework that will aid engineers in the security engineering tool evaluation process.

    Estimating ToE Risk Level using CVSS

    Security management is about calculated risk and requires continuous evaluation to ensure cost, time and resource effectiveness. Part of this is to make future-oriented, cost-benefit investments in security. Security investments must adhere to healthy business principles where both security and financial aspects play an important role. Information on the current and potential risk level is essential to successfully trade off security and financial aspects. Risk level is the combination of the frequency and impact of a potential unwanted event, often referred to as a security threat or misuse. The paper presents a risk level estimation model that derives risk level as a conditional probability over frequency and impact estimates. The frequency and impact estimates are derived from a set of attributes specified in the Common Vulnerability Scoring System (CVSS). The model works on the level of vulnerabilities (just as the CVSS) and is able to compose vulnerabilities into service levels. The service levels define the potential risk levels and are modelled as a Markov process, which is then used to predict the risk level at a particular time.

    Empirical evaluation of information security risk assessment framework GBM-OA

    Abstract. The importance of information security is rapidly increasing as new security breaches are continuously reported by companies and organizations. These breaches cause loss of confidentiality, reputation and revenue for companies and organizations. They can also incur legal penalties due to lack of information security. To improve information security, companies and organizations are required to conduct assessments and audits of their systems to make sure that they do not have open critical vulnerabilities. In addition, information security risks need to be evaluated as part of companies' and organizations' risk management to prepare against possible attackers. Multiple different information security risk assessment frameworks have been developed to help companies and organizations conduct information security risk assessment. To find out which framework is suitable for their needs, management needs to compare the different frameworks, estimate how much time and how many people are available for the assessment, and consider how the frameworks have worked previously in the context. In this thesis, the suitability of the genre-based security risk assessment framework GBM-OA is evaluated in the context of a centralized CI/CD environment. A canonical action research was conducted in a team providing a centralized CI/CD solution for the company's projects. In the study, an information security risk assessment was conducted using GBM-OA, and after the assessment semi-structured interviews were conducted with the participants to find out if the framework was suitable in the context. The findings show that the framework provided sufficient results for the team without taking much time from the participants. Additionally, participants found value in the definition of the environment, which helps the team understand how responsibilities are split between different stakeholders. Downsides were the confusing terminology used in the framework, and filling in the templates was found compelling.
    Regarding suitability, it was found that the framework is not suitable in the context as it is. Participants did not like that the assessment should be done separately; it should instead be integrated into the automation or development cycle. Right now, there are no instructions regarding integration or iteration, even though it is stated that this is possible. Participants also provided improvement suggestions to add a step to the framework for risk impact definition.

    Evolution of security engineering artifacts: a state of the art survey

    Security is an important quality aspect of modern open software systems. However, it is challenging to keep such systems secure because of evolution. Security evolution can only be managed adequately if it is considered for all artifacts throughout the software development lifecycle. This article provides state of the art on the evolution of security engineering artifacts. The article covers the state of the art on evolution of security requirements, security architectures, secure code, security tests, security models, and security risks as well as security monitoring. For each of these artifacts the authors give an overview of evolution and security aspects and discuss the state of the art on its security evolution in detail. Based on this comprehensive survey, they summarize key issues and discuss directions of future research

    The use of teledermatology for the diagnosis of skin cancer in adults

    Background: Early accurate detection of all skin cancer types is essential to guide appropriate management and to improve morbidity and survival. Melanoma and squamous cell carcinoma (SCC) are high risk skin cancers which have the potential to metastasise and ultimately lead to death, whereas basal cell carcinoma (BCC) is usually localised with potential to infiltrate and damage surrounding tissue. Anxiety around missing early curable cases needs to be balanced against inappropriate referral and unnecessary excision of benign lesions. Teledermatology provides a way for generalist clinicians to access the opinion of a specialist dermatologist for skin lesions that they consider to be suspicious without referring the patients concerned through the normal referral pathway. Teledermatology consultations can be ‘store-and-forward’ with electronic digital images of a lesion sent to a dermatologist for review at a later time, or can be live and interactive consultations using video conferencing to connect the patient, referrer and dermatologist in real time. Objectives: To determine the diagnostic accuracy of teledermatology for the detection of any skin cancer (melanoma, BCC or cSCC) in adults, and to compare its accuracy with that of in-person diagnosis. Search methods: We undertook a comprehensive search of the following databases from inception up to August 2016: Cochrane Central Register of Controlled Trials; MEDLINE; EMBASE; CINAHL; CPCI; Zetoc; Science Citation Index; US National Institutes of Health Ongoing Trials Register; NIHR Clinical Research Network Portfolio Database; and the World Health Organization International Clinical Trials Registry Platform. We studied reference lists and published systematic review articles. 
Selection criteria: Studies evaluating skin cancer diagnosis for teledermatology alone, or in comparison with face-to-face diagnosis by a specialist clinician, compared with a reference standard of histological confirmation or clinical follow-up and expert opinion. Studies evaluating the referral accuracy of teledermatology compared with a reference standard of face-to-face diagnosis by a specialist clinician were also included. Data collection and analysis: Two review authors independently extracted all data using a standardised data extraction and quality assessment form (based on QUADAS-2). We contacted authors of included studies where information related to the target condition of any skin cancer was missing. Data permitting, we estimated summary sensitivities and specificities using the bivariate hierarchical model. Due to scarcity of data, no covariate investigations were undertaken for this review. For illustrative purposes, estimates of sensitivity and specificity were plotted on coupled forest plots for the diagnostic threshold and target condition under consideration. Main results: Twenty-two studies were included, reporting diagnostic accuracy data for 4057 lesions and 879 malignant cases (16 studies) and referral accuracy data for 1449 lesions and 270 ‘positive’ cases as determined by the reference standard face-to-face decision (six studies). Methodological quality was variable, with poor reporting hindering assessment. The overall risk of bias was rated as high or unclear for participant selection, reference standard and participant flow and timing in at least half of all studies; the majority were considered at low risk of bias for the index test.
The applicability of study findings was of high or unclear concern for the majority of studies in all domains assessed, due to the recruitment of study participants from secondary care settings or specialist clinics rather than from the primary or community-based settings in which teledermatology is more likely to be used, and due to the acquisition of lesion images by dermatologists or in specialist imaging units rather than by primary care clinicians. Seven studies provided data for the primary target condition of any skin cancer (1588 lesions and 638 malignancies). For the correct diagnosis of lesions as malignant using photographic images, summary sensitivity was 94.9% (95% CI 90.1 to 97.4%) and summary specificity 84.3% (95% CI 48.5 to 96.8%) (from four studies). Individual study estimates using dermoscopic images or a combination of photographic and dermoscopic images generally suggested similarly high sensitivities with highly variable specificities. Limited comparative data suggested similar diagnostic accuracy between teledermatology assessment and in-person diagnosis by a dermatologist; however, data were too scarce to draw firm conclusions. For the detection of invasive melanoma or atypical intraepidermal melanocytic variants, both sensitivities and specificities were more variable. Sensitivities ranged from 59% (95% CI 42% to 74%) to 100% (95% CI 54% to 100%) and specificities from 30% (95% CI 22% to 40%) to 100% (95% CI 93% to 100%), with reported diagnostic thresholds including the correct diagnosis of melanoma, classification of lesions as ‘atypical’ or ‘typical’, as well as the decision to refer or to excise a lesion. Referral accuracy data comparing teledermatology against a face-to-face reference standard suggested good agreement for lesions considered to require some positive action by face-to-face assessment (sensitivities of over 90%). For lesions considered of less concern when assessed face-to-face (e.g. those not recommended for excision or referral), agreement was more variable, with teledermatology specificities ranging from 57% (95% CI 39 to 73%) to 100% (95% CI 86% to 100%), suggesting that remote assessment is more likely to recommend excision, referral or follow-up compared to in-person decisions. Authors' conclusions: Studies were generally small and heterogeneous, and methodological quality was difficult to judge due to poor reporting. Bearing in mind concerns regarding the applicability of study participants and of lesion image acquisition in specialist settings, our results suggest that teledermatology can correctly identify the majority of malignant lesions. Using a more widely defined threshold to identify ‘possibly’ malignant cases or lesions that should be considered for excision is likely to appropriately triage those lesions requiring face-to-face assessment by a specialist. Despite the increasing use of teledermatology on an international level, the evidence base to support its ability to accurately diagnose lesions and to triage lesions from primary to secondary care is lacking, and further prospective and pragmatic evaluation is needed.

    Decision support for choice of security solution: the Aspect-Oriented Risk Driven Development (AORDD) framework

    In security assessment and management there is no single correct solution to the identified security problems or challenges. Instead there are only choices and tradeoffs. The main reason for this is that modern information systems, and security critical information systems in particular, must perform at the contracted or expected security level, make effective use of available resources and meet end-users' expectations. Balancing these needs while also fulfilling development, project and financial perspectives, such as budget and TTM constraints, means that decision makers have to evaluate alternative security solutions.

    This work describes parts of an approach that supports decision makers in choosing one or a set of security solutions among alternatives. The approach is called the Aspect-Oriented Risk Driven Development (AORDD) framework; it combines Aspect-Oriented Modeling (AOM) and Risk Driven Development (RDD) techniques and consists of seven components: (1) An iterative AORDD process. (2) Security solution aspect repository. (3) Estimation repository to store experience from estimation of security risks and security solution variables involved in security solution decisions. (4) RDD annotation rules for security risk and security solution variable estimation. (5) The AORDD security solution trade-off analysis and trade-off tool BBN topology. (6) Rule set for how to transfer RDD information from the annotated UML diagrams into the trade-off tool BBN topology. (7) Trust-based information aggregation schema to aggregate disparate information in the trade-off tool BBN topology. This work focuses on components 5 and 7, which are the two core components in the AORDD framework.

    An evaluation of CORAS

    An Evaluation of CORAS. By Jenny B. Hougen. The goal of the research was to continue the research on CORAS with the purpose of evaluating and improving the CORAS framework. The research consisted of two main investigations:

    - Investigate parts of the CORAS framework
    - Investigate organisations' use and need of IT-security standards

    In order to limit the research, thesis success criteria were created. The main purpose of this research was to evaluate these success criteria. To be able to answer the success criteria, a number of hypotheses were formulated. This paper has given an account of the evaluation of these hypotheses and a discussion of whether the thesis success criteria are fulfilled. The hypotheses were compared with evidence from two investigations:

    - A field trial in the Agresso organisation: A full security analysis of industrial scale was accomplished in the Agresso organisation. During the analysis results were collected.
    - An IT-security standards survey: Twenty organisations answered a questionnaire about their relations to IT-security standards.

    Extension and Application of Event-driven Process Chain for Information System Security Risk Management

    Security engineering is one of the major concerns in system development and should receive attention throughout the whole development process. There are several different languages for security modelling that help manage security risks already at the requirements stage. This thesis first focuses on the Event-driven Process Chain (EPC), which is used in business process modelling. More specifically, it investigates how this language supports information system security risk management (ISSRM). The aim of the study is to identify the security requirements needed for EPC. As a result, we obtain an alignment table between EPC constructs and the concepts of the ISSRM domain model. Next, we extend the EPC language and its constructs with the relationships from the EPC and ISSRM alignment table. We call the resulting extended language “Security-Oriented EPC”. The extended modelling language contains a new set of constructs that refer to ISSRM concepts. Having explained the importance of security requirements at the early development stage, we present transformation guidelines for carrying out translations between Security-Oriented EPC and Mal-Activity Diagrams (MAD). Our proposal is based on systematic and grounded extensions of the EPC language and its interdependency with the ISSRM domain model. The alignment results help business analysts understand how to model security risks at the system requirements and design stages. In addition, the transformation results enable interoperability between different modelling languages that are analysed using the same conceptual framework.

    Security engineering is one of the important concerns during system development and it should be addressed throughout the whole system development process. Besides, there are several languages for security modeling that help deal with security risk management at the requirements stage. In this thesis, first of all, we focus on the Event-driven Process Chain (EPC), which is used during business process modeling. More specifically, we investigate how this language supports information system security risk management (ISSRM). The purpose of this investigation is to address the need for security requirements in EPC. As a result, we obtain an alignment table between EPC constructs and ISSRM domain model concepts. Next, we extend the EPC language and its constructs with respect to the alignment table between EPC and ISSRM. As a consequence, we call the extended language “Security-Oriented EPC”. The extended language contains a new set of constructs which refer to ISSRM concepts. Lastly, after clarifying the importance of security requirements in early system development, we present transformation guidelines to perform forward model translations from Security-Oriented EPC to Mal-Activity Diagrams (MAD). During the transformation, our proposal is based on the systematic and grounded extensions of the EPC language and its interdependency with the domain model of ISSRM. Alignment results may help business analysts understand how to model security risks at the system requirements and design stages. Also, transformation results pave the way for interoperability between the modeling languages that are analysed using the same conceptual framework.