Towards a more systematic approach to secure systems design and analysis
The task of designing secure software systems is fraught with uncertainty, as data on uncommon attacks is limited, costs are difficult to estimate, and technology and tools are continually changing. Consequently, experts may interpret the security risks posed to a system in different ways, leading t...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Published: |
IGI Global
2013
|
| Subjects: | |
| Online Access: | https://eprints.nottingham.ac.uk/3341/ |
| _version_ | 1848791004510945280 |
|---|---|
| author | Miller, Simon Appleby, Susan Garibaldi, Jonathan M. Aickelin, Uwe |
| author_facet | Miller, Simon Appleby, Susan Garibaldi, Jonathan M. Aickelin, Uwe |
| author_sort | Miller, Simon |
| building | Nottingham Research Data Repository |
| collection | Online Access |
| description | The task of designing secure software systems is fraught with uncertainty, as data on uncommon attacks is limited, costs are difficult to estimate, and technology and tools are continually changing. Consequently, experts may interpret the security risks posed to a system in different ways, leading to variation in assessment. This paper presents research into measuring the variability in decision making between security professionals, with the ultimate goal of improving the quality of security advice given to software system designers. A set of thirty nine cyber-security experts took part in an exercise in which they independently assessed a realistic system scenario. This study quantifies agreement in the opinions of experts, examines methods of aggregating opinions, and produces an assessment of attacks from ratings of their components. We show that when aggregated, a coherent consensus view of security emerges which can be used to inform decisions made during systems design. |
| first_indexed | 2025-11-14T18:21:37Z |
| format | Article |
| id | nottingham-3341 |
| institution | University of Nottingham Malaysia Campus |
| institution_category | Local University |
| last_indexed | 2025-11-14T18:21:37Z |
| publishDate | 2013 |
| publisher | IGI Global |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | nottingham-33412020-05-04T20:19:42Z https://eprints.nottingham.ac.uk/3341/ Towards a more systematic approach to secure systems design and analysis Miller, Simon Appleby, Susan Garibaldi, Jonathan M. Aickelin, Uwe The task of designing secure software systems is fraught with uncertainty, as data on uncommon attacks is limited, costs are difficult to estimate, and technology and tools are continually changing. Consequently, experts may interpret the security risks posed to a system in different ways, leading to variation in assessment. This paper presents research into measuring the variability in decision making between security professionals, with the ultimate goal of improving the quality of security advice given to software system designers. A set of thirty nine cyber-security experts took part in an exercise in which they independently assessed a realistic system scenario. This study quantifies agreement in the opinions of experts, examines methods of aggregating opinions, and produces an assessment of attacks from ratings of their components. We show that when aggregated, a coherent consensus view of security emerges which can be used to inform decisions made during systems design. IGI Global 2013-01 Article PeerReviewed Miller, Simon, Appleby, Susan, Garibaldi, Jonathan M. and Aickelin, Uwe (2013) Towards a more systematic approach to secure systems design and analysis. International Journal of Secure Software Engineering, 4 (1). pp. 11-30. ISSN 1947-3036 Digital Economy http://www.igi-global.com/article/towards-more-systematic-approach-secure/76353 doi:10.4018/jsse.2013010102 doi:10.4018/jsse.2013010102 |
| spellingShingle | Digital Economy Miller, Simon Appleby, Susan Garibaldi, Jonathan M. Aickelin, Uwe Towards a more systematic approach to secure systems design and analysis |
| title | Towards a more systematic approach to secure systems design and analysis |
| title_full | Towards a more systematic approach to secure systems design and analysis |
| title_fullStr | Towards a more systematic approach to secure systems design and analysis |
| title_full_unstemmed | Towards a more systematic approach to secure systems design and analysis |
| title_short | Towards a more systematic approach to secure systems design and analysis |
| title_sort | towards a more systematic approach to secure systems design and analysis |
| topic | Digital Economy |
| url | https://eprints.nottingham.ac.uk/3341/ https://eprints.nottingham.ac.uk/3341/ https://eprints.nottingham.ac.uk/3341/ |