Empirical Assessment of Security Requirements and Architecture: Lessons Learned

IRIS

Over the past three years, our groups at the University of Leuven and the University of Trento have been conducting a number of experimental studies. In particular, two common themes can be easily identified within our work. First, we have investigated the value of several threat modeling and risk assessment techniques. The second theme relates to the problem of preserving security over time, i.e., security evolution. Although the empirical results obtained in our studies are interesting on their own, the main goal of this chapter is to share our experience. The objective is to provide useful, hands-on insight on this type of research work so that the work of other researchers in the community would be facilitated. The contribution of this chapter is the discussion of the challenges we faced during our experimental work. Contextually, we also outline those solutions that worked out in our studies and could be reused in the field by other studies.

Empirical Assessment of Security Requirements and Architecture: Lessons Learned

Scandariato, Riccardo;Paci, Federica;Tran, Le Minh Sang;Labunets, Katsiaryna;Yskout, Koen;Massacci, Fabio;Joosen, Wouter

2014-01-01

Abstract

Over the past three years, our groups at the University of Leuven and the University of Trento have been conducting a number of experimental studies. In particular, two common themes can be easily identified within our work. First, we have investigated the value of several threat modeling and risk assessment techniques. The second theme relates to the problem of preserving security over time, i.e., security evolution. Although the empirical results obtained in our studies are interesting on their own, the main goal of this chapter is to share our experience. The objective is to provide useful, hands-on insight on this type of research work so that the work of other researchers in the community would be facilitated. The contribution of this chapter is the discussion of the challenges we faced during our experimental work. Contextually, we also outline those solutions that worked out in our studies and could be reused in the field by other studies.

Scheda breve

Scheda completa

Scheda completa (DC)

	Anno di pubblicazione (Date of publication)
	
				2014
			
	Titolo del libro (Book title)
	
				Engineering Secure Future Internet Services and Systems
			
	Luogo di edizione (Place of publication)
	
				Switzerland
			
	Casa editrice (Publisher)
	
				Springer International Publishing
			
	ISBN
	
				978-3-319-07451-1
			
	Tutti gli autori
	
						Scandariato, Riccardo; Paci, Federica; Tran, Le Minh Sang; Labunets, Katsiaryna; Yskout, Koen; Massacci, Fabio; Joosen, Wouter
					
	Appare nelle tipologie:
	
				02.1 Saggio su volume miscellaneo o Capitolo di libro (Essay or Book Chapter)

File in questo prodotto:

Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/117794

Citazioni

ND

3

ND

ND

social impact