Cost-benefit trade-off analysis using BBN for aspect-oriented risk-driven development
Houmb, S.H.; Georg, G.; France, R.; Bieman, J.; Jurjens, J.
Engineering of Complex Computer Systems, 2005. ICECCS 2005. Proceedings. 10th IEEE International Conference on
16-20 June 2005, Page(s): 195-204
Digital Object Identifier 10.1109/ICECCS.2005.30
Summary: Security-critical systems must perform at the required security level, make effective use of available resources, and meet end users' expectations. Balancing these needs, while also meeting budget and time-to-market constraints, requires developers to design and evaluate alternative security treatment strategies. In this paper, the authors present a development framework that uses Bayesian belief networks (BBN) and aspect-oriented modeling (AOM) for a cost-benefit trade-off analysis of treatment strategies. AOM allows developers to model pervasive security treatments separately from other system functionality. This eases the trade-off analysis by making it possible to swap treatment strategies in and out when computing return on security investment (RoSI). The trade-off analysis is implemented using BBN, and RoSI is computed by estimating a set of variables describing properties of a treatment strategy. The RoSI for each treatment strategy is then used as input to the choice of design.