Abstract
In designing software systems, security is typically only one design objective among many. It may compete with other objectives such as functionality, usability, and performance. Too often, security mechanisms such as firewalls, access control, or encryption are adopted without explicit recognition of competing design objectives and their origins in stakeholders’ interests. Recently, there is increasing acknowledgement that security is ultimately about trade-offs. One can only aim for “good enough” security, given the competing demands from many parties. This paper investigates the criteria for a conceptual modeling technique for making security trade-offs. We examine how conceptual modeling can provide explicit and systematic support for modeling and analyzing security trade-offs. We examine several existing approaches for dealing with trade-offs and security trade-offs in particular. From analyzing the limitations of existing methods, we propose an extension to the i ∗ Framework for security trade-off analysis, taking advantage of its multi-agent and goal orientation. The method was applied to several case studies used to exemplify existing approaches. The resulting models developed using different approaches are compared.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
