Decision Support for Choice of Security Solution: The Aspect-Oriented Risk Driven Development (AORDD) Framework

S.H. Houmb

Research output: Thesis › PhD Thesis - Research external, graduation external › Academic


Abstract

In security assessment and management there is no single correct solution to the identified security problems or challenges. Instead there are only choices and tradeoffs. The main reason for this is that modern information systems, and security critical information systems in particular, must perform at the contracted or expected security level, make effective use of available resources and meet end-users' expectations. Balancing these needs while also fulfilling development, project and financial perspectives, such as budget and TTM constraints, means that decision makers have to evaluate alternative security solutions. This work describes parts of an approach that supports decision makers in choosing one or a set of security solutions among alternatives. The approach, called the Aspect-Oriented Risk Driven Development (AORDD) framework, combines Aspect-Oriented Modeling (AOM) and Risk Driven Development (RDD) techniques and consists of seven components: (1) An iterative AORDD process. (2) Security solution aspect repository. (3) Estimation repository to store experience from estimation of security risks and security solution variables involved in security solution decisions. (4) RDD annotation rules for security risk and security solution variable estimation. (5) The AORDD security solution trade-off analysis and trade-off tool BBN topology. (6) Rule set for how to transfer RDD information from the annotated UML diagrams into the trade-off tool BBN topology. (7) Trust-based information aggregation schema to aggregate disparate information in the trade-off tool BBN topology. This work focuses on components 5 and 7, which are the two core components in the AORDD framework.
Original language: Undefined
Awarding Institution
  • Norwegian University of Science and Technology
Supervisors/Advisors
  • Houmb, S.H., Supervisor
  • Stålhane, T., Supervisor
Award date: 30 Nov 2007
Place of Publication: Trondheim
Publisher
Print ISBNs: 978-82-471-4588-3
Publication status: Published - 30 Nov 2007

Keywords

  • IR-67423
  • EWI-11686
  • METIS-247094

Cite this

Houmb, S. H. (2007). Decision Support for Choice of Security Solution: The Aspect-Oriented Risk Driven Development (AORDD) Framework. Trondheim: Norwegian University of Science and Technology.
Houmb, S.H. / Decision Support for Choice of Security Solution: The Aspect-Oriented Risk Driven Development (AORDD) Framework. Trondheim: Norwegian University of Science and Technology, 2007. 332 p.
@phdthesis{42564309374b4e58bd359efe6ae43f0a,
title = "Decision Support for Choice of Security Solution: The Aspect-Oriented Risk Driven Development (AORDD)Framework",
keywords = "IR-67423, EWI-11686, METIS-247094",
author = "S.H. Houmb",
note = "Doctoral thesis at NTNU, 2007:208",
year = "2007",
month = "11",
day = "30",
language = "Undefined",
isbn = "978-82-471-4588-3",
publisher = "Norwegian University of Science and Technology",
address = "Norway",
school = "Norwegian University of Science and Technology",

}
