Supporting Risk Assessment with the Systematic Identification, Merging, and Validation of Security Goals

  • Daniel Angermeier
  • Alexander Nieding
  • Jörn Eichler
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10224)


Assessing security-related risks in software or systems engineering is a challenging task: often, a heterogeneous set of distributed stakeholders creates a complex system of (software) components that are highly connected to each other, to consumer electronics, or to Internet-based services. Changes during development are frequent and must be evaluated and handled efficiently. Consequently, risk assessment itself becomes a complex task, and its results must be comprehensible to all actors in the distributed environment. In particular, the systematic and repeatable identification of security goals based on a model of the system under development (SUD) is not well supported in established methods. We therefore demonstrate how the systematic identification, merging, and validation of security goals based on a model of the SUD, in a concrete implementation of our method Modular Risk Assessment (MoRA), supports security engineers in handling this challenge.


Keywords: Risk assessment · Security goals · Model-based · Security engineering · Method



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Daniel Angermeier (Fraunhofer AISEC, Garching near Munich, Germany)
  • Alexander Nieding (Fraunhofer AISEC, Garching near Munich, Germany)
  • Jörn Eichler (Fraunhofer AISEC, Garching near Munich, Germany)
