Holistic Security Requirements Engineering for Socio-Technical Systems

Security has been a growing concern for large organizations, especially financial and gov- ernmental institutions, as security breaches in the systems they depend have repeatedly resulted in losses of billions per year, and this cost is on the rise. A primary reason for these breaches is the “socio-technical” nature of today’s systems that consist of an amal- gam of social and human actors, processes, technology and infrastructure. We refer to such systems as Socio-Technical Systems (STSs). Finding secure solutions for STSs is a difficult and error-prone task because of their heterogeneity and complexity. The thesis proposes a holistic security requirements analysis framework which catego- rizes system security concerns into three layers, including a social layer (social actors and business processes), a software layer (software applications that support the social layer) and an infrastructure layer (physical infrastructure, hardware, and devices). Within each layer, security requirements are elicited, and security mechanisms are designed to satisfy the security requirements. In particular, a cross-layer support link is defined to capture how security mechanisms deployed at one layer influence security requirements of the next layer down, allowing us to systematically and iteratively analyze security for all three layers and eventually produce holistic security solutions for the systems. To ensure the quality of the analysis of our approach and to promote practical adoption of the three-layer approach, the thesis includes two additional components. Firstly, we propose a holistic attack analysis, which takes an attacker’s perspective to explore realistic attacks that can happen to a system and thus contributes to the identification of critical security requirements. This approach consists of an attack strategy identification method which analyzes attacker’s alternative malicious intentions, and an attack strategy operationalization method which analyzes realistic attack actions that can be performed by attackers. Secondly, the thesis proposes a systematic approach for selecting and applying security patterns, which describe proven security solutions to known security problems. As such, analysts with little security knowledge can efficiently leverage reusable security knowledge to operationalize security requirements in terms of security mechanisms. This approach also allows us to systematically analyze and enforce the impact of deployed security mechanisms on system functional specifications. We have developed a prototype tool, which implements the formalized analysis methods of our three-layer framework and enables the semi-automatic application of our proposal. With the help of the tool, we apply our framework to two large-scale case studies so as to validate the efficacy of our approach.