Designing secure software systems: Combining goal-oriented modeling and risk management
Summary
Software systems are broadly used to support the provision of e-services and the facilitation of business processes. Sensitive information is exchanged within such systems between human actors and software agents. As a consequence, their design should encompass security aspects in addition to functional ones, in order to provide an environment in which users can achieve their goals while keeping their information secure. By reviewing the literature in the areas of security requirements engineering and risk management, and by surveying practitioners in the field, we identified the need for a structured approach that leads to security by design, taking into account the system's extended socio-technical environment and managing risk from the early stages of the development life-cycle. In this work we develop a structured method that integrates elements of risk management into the security requirements engineering process. By combining method fragments from established methods in the fields of security requirements engineering and risk management, we construct a new method that uses the results of risk evaluation and prioritization as input for the identification of users' security needs, producing a complete socio-technical model of the system to-be. We apply this method in practice via a retrospective case study, in order to evaluate its completeness and performance. This application of our method in practice shows promising results: the method is able to accurately model the studied system and uncovers a number of previously unidentified security requirements.