Shamal Faily
To boldly go where invention isn't secure: applying security entrepreneurship to secure systems design.
Faily, Shamal; Fl�chais, Ivan
Authors
Ivan Fl�chais
Abstract
When designing secure systems, we are inundated with an eclectic mix of security and non-security requirements; this makes predicting a successful outcome from the universe of possible security design decisions a difficult problem. We propose augmenting the process of security design with the paradigm of Security Entrepreneurship: the application of innovation models and principles to organise, create, and manage security design elements to bring about improved system security. We propose three initial Security Entrepreneurship techniques as examples of this paradigm, describe how their underlying models align with secure systems design, and help predict the social and technical impact of possible design decisions. We also pose a number of thought experiments, and suggest possible research agendas for Security Entrepreneurship.
Citation
FAILY, S. and FLÉCHAIS, I. 2010. To boldly go where invention isn't secure: applying security entrepreneurship to secure systems design. In Proceedings of the 2010 New security paradigms workshop (NSPW 2010), 21-23 September 2010, Concord, USA. New York: ACM [online], pages 73-84. Available from: https://doi.org/10.1145/1900546.1900557
Conference Name | 2010 New security paradigms workshop (NSPW 2010) |
---|---|
Conference Location | Concord, USA |
Start Date | Sep 21, 2010 |
End Date | Sep 23, 2010 |
Acceptance Date | Sep 21, 2010 |
Online Publication Date | Sep 30, 2010 |
Publication Date | Dec 31, 2010 |
Deposit Date | Dec 15, 2021 |
Publicly Available Date | Mar 28, 2024 |
Publisher | Association for Computing Machinery (ACM) |
Pages | 73-84 |
ISBN | 9781450304153 |
DOI | https://doi.org/10.1145/1900546.1900557 |
Keywords | Systems security; Security risk analysis; Requirements engineering; Software engineering; Entrepreneurship |
Public URL | https://rgu-repository.worktribe.com/output/1427813 |
Files
FAILY 2010 To boldly go where invention
(720 Kb)
PDF
You might also like
Programming language evaluation criteria for safety-critical software in the air domain.
(2022)
Conference Proceeding
Privacy goals for the data lifecycle.
(2022)
Journal Article
Automation and cyber security risks on the railways: the human factors implications.
(2022)
Presentation / Conference
Integrated design framework for facilitating systems-theoretic process analysis.
(2022)
Conference Proceeding
Cybersecurity user requirements analysis: the ECHO approach.
(2022)
Conference Proceeding
Downloadable Citations
About OpenAIR@RGU
Administrator e-mail: publications@rgu.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search