Evaluating the implications of attack and security patterns with premortems.
Faily, Shamal; Parkin, Simon; Lyle, John
Authors
Shamal Faily
Simon Parkin
John Lyle
Contributors
Clive Blackwell (Editor)
Hong Zhu (Editor)
Abstract
Security patterns are a useful way of describing, packaging and applying security knowledge which might otherwise be unavailable. However, because patterns represent partial knowledge of a problem and solution space, there is little certainty that addressing the consequences of one problem won't introduce or exacerbate another. Rather than using patterns exclusively to explore possible solutions to security problems, we can use them to better understand the security problem space. To this end, we present a framework for evaluating the implications of security and attack patterns using premortems: scenarios describing a failed system that invites reasons for its failure. We illustrate our approach using an example from the EU FP 7 webinos project.
Citation
FAILY, S., PARKIN, S. and LYLE, J. 2014. Evaluating the implications of attack and security patterns with premortems. In Blackwell, C. and Zhu, H. (eds.) Cyberpatterns: unifying design patterns with security and attack patterns. Cham: Springer [online], chapter 16, pages 199-209. Available from: https://doi.org/10.1007/978-3-319-04447-7_16
Field | Value |
---|---|
Online Publication Date | May 14, 2014 |
Publication Date | Dec 31, 2014 |
Deposit Date | Sep 17, 2021 |
Publicly Available Date | Dec 7, 2021 |
Publisher | Springer |
Pages | 199-209 |
Book Title | Cyberpatterns: unifying design patterns with security and attack patterns |
Chapter Number | Chapter 16 |
ISBN | 9783319044460 ; 9783319352183 |
DOI | https://doi.org/10.1007/978-3-319-04447-7_16 |
Keywords | Security patterns; Attack patterns; Systems security; Security risk analysis; Software engineering |
Public URL | https://rgu-repository.worktribe.com/output/1446736 |
Files
FAILY 2014 Evaluating the implications of attack (PDF, 514 Kb)