Decision Support for Choice of Security Solution: The Aspect-Oriented Risk Driven Development (AORDD) Framework

S.H. Houmb

    Research output: Thesis, PhD Thesis - Research external, graduation external

    Abstract

    In security assessment and management there is no single correct solution to the identified security problems or challenges. Instead there are only choices and tradeoffs. The main reason for this is that modern information systems, and security-critical information systems in particular, must perform at the contracted or expected security level, make effective use of available resources and meet end-users' expectations. Balancing these needs while also fulfilling development, project and financial perspectives, such as budget and TTM constraints, means that decision makers have to evaluate alternative security solutions. This work describes parts of an approach that supports decision makers in choosing one or a set of security solutions among alternatives. The approach, called the Aspect-Oriented Risk Driven Development (AORDD) framework, combines Aspect-Oriented Modeling (AOM) and Risk Driven Development (RDD) techniques and consists of seven components: (1) An iterative AORDD process. (2) Security solution aspect repository. (3) Estimation repository to store experience from estimation of security risks and security solution variables involved in security solution decisions. (4) RDD annotation rules for security risk and security solution variable estimation. (5) The AORDD security solution trade-off analysis and trade-off tool BBN topology. (6) Rule set for how to transfer RDD information from the annotated UML diagrams into the trade-off tool BBN topology. (7) Trust-based information aggregation schema to aggregate disparate information in the trade-off tool BBN topology. This work focuses on components 5 and 7, which are the two core components in the AORDD framework.
    Original language: Undefined
    Awarding Institution
    • Norwegian University of Science and Technology
    Supervisors/Advisors
    • Houmb, S.H., Supervisor
    • Stålhane, T., Supervisor
    Award date: 30 Nov 2007
    Place of Publication: Trondheim
    Publisher
    Print ISBNs: 978-82-471-4588-3
    Publication status: Published - 30 Nov 2007

    Keywords

    • IR-67423
    • EWI-11686
    • METIS-247094

    Cite this

    Houmb, S. H. (2007). Decision Support for Choice of Security Solution: The Aspect-Oriented Risk Driven Development (AORDD) Framework. Trondheim: Norwegian University of Science and Technology.