Risk assessment as an argumentation game

Henry Prakken; Dan Ionita; Roelf J. Wieringa

doi:10.1007/978-3-642-40624-9_22

Risk assessment as an argumentation game

Henry Prakken, Dan Ionita, Roelf J. Wieringa

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

13 Citations (Scopus)

Abstract

This paper explores the idea that IT security risk assessment can be formalized as an argumentation game in which assessors argue about how the system can be attacked by a threat agent and defended by the assessors. A system architecture plus assumptions about the environment is specified as an ASPIC + argumentation theory, and an argument game is defined for exchanging arguments between assessors and hypothetical threat agents about whether the specification satisfies a given security requirement. Satisfaction is always partial and involves a risk assessment of the assessors. The game is dynamic in that the players can both add elements to and delete elements from the architecture specification. The game is shown to respect the underlying argumentation logic in that for any logically completed game ‘won’ by the defender, the security requirement is a justified conclusion from the architecture specification at that stage of the game.

Original language	Undefined
Title of host publication	14th International Workshop on Computational Logic in Multi-Agent Systems, CLIMA XIV
Editors	J. Leite, T.C. Son, P. Torrini, L. Van Der Torre, S. Woltran
Place of Publication	London
Publisher	Springer
Pages	357-373
Number of pages	17
ISBN (Print)	978-3-642-40623-2
DOIs	https://doi.org/10.1007/978-3-642-40624-9_22
Publication status	Published - Sep 2013
Event	14th International Workshop on Computational Logic in Multi-Agent Systems: 14th International Workshop on Computational Logic in Multi-Agent Systems, CLIMA XIV - Corunna, Spain Duration: 16 Sep 2013 → 18 Sep 2013 Conference number: 14th

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer Verlag
Volume	8143

Conference

Conference	14th International Workshop on Computational Logic in Multi-Agent Systems
Abbreviated title	CLIMA XIV
Country	Spain
City	Corunna
Period	16/09/13 → 18/09/13

Keywords

SCS-Services
EC Grant Agreement nr.: FP7/318003
METIS-300053
EC Grant Agreement nr.: FP7/2007-2013
IR-87983
EWI-23791

Access to Document

10.1007/978-3-642-40624-9_22

http://eprints.eemcs.utwente.nl/secure2/23791/01/Prakken_Ionita_Wieringa_-_Risk_assessment_as_an_argumentation_game.pdf

Cite this

Prakken, H., Ionita, D., & Wieringa, R. J. (2013). Risk assessment as an argumentation game. In J. Leite, T. C. Son, P. Torrini, L. Van Der Torre, & S. Woltran (Eds.), 14th International Workshop on Computational Logic in Multi-Agent Systems, CLIMA XIV (pp. 357-373). (Lecture Notes in Computer Science; Vol. 8143). Springer. https://doi.org/10.1007/978-3-642-40624-9_22

@inproceedings{a26373a5ff9f40c783281e8f1751390f,

title = "Risk assessment as an argumentation game",

abstract = "This paper explores the idea that IT security risk assessment can be formalized as an argumentation game in which assessors argue about how the system can be attacked by a threat agent and defended by the assessors. A system architecture plus assumptions about the environment is specified as an ASPIC + argumentation theory, and an argument game is defined for exchanging arguments between assessors and hypothetical threat agents about whether the specification satisfies a given security requirement. Satisfaction is always partial and involves a risk assessment of the assessors. The game is dynamic in that the players can both add elements to and delete elements from the architecture specification. The game is shown to respect the underlying argumentation logic in that for any logically completed game {\textquoteleft}won{\textquoteright} by the defender, the security requirement is a justified conclusion from the architecture specification at that stage of the game.",

keywords = "SCS-Services, EC Grant Agreement nr.: FP7/318003, METIS-300053, EC Grant Agreement nr.: FP7/2007-2013, IR-87983, EWI-23791",

author = "Henry Prakken and Dan Ionita and Wieringa, {Roelf J.}",

note = "Foreground = 50%; Type of activity = Conference; Main leader = UT; Type of audience = scientific community; Size of audience = 17; Countries addressed = international;; null ; Conference date: 16-09-2013 Through 18-09-2013",

year = "2013",

month = sep,

doi = "10.1007/978-3-642-40624-9_22",

language = "Undefined",

isbn = "978-3-642-40623-2",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "357--373",

editor = "J. Leite and T.C. Son and P. Torrini and {Van Der Torre}, L. and S. Woltran",

booktitle = "14th International Workshop on Computational Logic in Multi-Agent Systems, CLIMA XIV",

}

Prakken, H, Ionita, D & Wieringa, RJ 2013, Risk assessment as an argumentation game. in J Leite, TC Son, P Torrini, L Van Der Torre & S Woltran (eds), 14th International Workshop on Computational Logic in Multi-Agent Systems, CLIMA XIV. Lecture Notes in Computer Science, vol. 8143, Springer, London, pp. 357-373, 14th International Workshop on Computational Logic in Multi-Agent Systems, Corunna, Spain, 16/09/13. https://doi.org/10.1007/978-3-642-40624-9_22

Risk assessment as an argumentation game. / Prakken, Henry; Ionita, Dan; Wieringa, Roelf J.

14th International Workshop on Computational Logic in Multi-Agent Systems, CLIMA XIV. ed. / J. Leite; T.C. Son; P. Torrini; L. Van Der Torre; S. Woltran. London : Springer, 2013. p. 357-373 (Lecture Notes in Computer Science; Vol. 8143).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Risk assessment as an argumentation game

AU - Prakken, Henry

AU - Ionita, Dan

AU - Wieringa, Roelf J.

N1 - Conference code: 14th

PY - 2013/9

Y1 - 2013/9

N2 - This paper explores the idea that IT security risk assessment can be formalized as an argumentation game in which assessors argue about how the system can be attacked by a threat agent and defended by the assessors. A system architecture plus assumptions about the environment is specified as an ASPIC + argumentation theory, and an argument game is defined for exchanging arguments between assessors and hypothetical threat agents about whether the specification satisfies a given security requirement. Satisfaction is always partial and involves a risk assessment of the assessors. The game is dynamic in that the players can both add elements to and delete elements from the architecture specification. The game is shown to respect the underlying argumentation logic in that for any logically completed game ‘won’ by the defender, the security requirement is a justified conclusion from the architecture specification at that stage of the game.

AB - This paper explores the idea that IT security risk assessment can be formalized as an argumentation game in which assessors argue about how the system can be attacked by a threat agent and defended by the assessors. A system architecture plus assumptions about the environment is specified as an ASPIC + argumentation theory, and an argument game is defined for exchanging arguments between assessors and hypothetical threat agents about whether the specification satisfies a given security requirement. Satisfaction is always partial and involves a risk assessment of the assessors. The game is dynamic in that the players can both add elements to and delete elements from the architecture specification. The game is shown to respect the underlying argumentation logic in that for any logically completed game ‘won’ by the defender, the security requirement is a justified conclusion from the architecture specification at that stage of the game.

KW - SCS-Services

KW - EC Grant Agreement nr.: FP7/318003

KW - METIS-300053

KW - EC Grant Agreement nr.: FP7/2007-2013

KW - IR-87983

KW - EWI-23791

U2 - 10.1007/978-3-642-40624-9_22

DO - 10.1007/978-3-642-40624-9_22

M3 - Conference contribution

SN - 978-3-642-40623-2

T3 - Lecture Notes in Computer Science

SP - 357

EP - 373

BT - 14th International Workshop on Computational Logic in Multi-Agent Systems, CLIMA XIV

A2 - Leite, J.

A2 - Son, T.C.

A2 - Torrini, P.

A2 - Van Der Torre, L.

A2 - Woltran, S.

PB - Springer

CY - London

Y2 - 16 September 2013 through 18 September 2013

ER -