Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec

Building secure systems is difficult for many reasons. This paper deals with two of the main challenges: (i) the lack of security expertise in development teams, and (ii) the inadequacy of existing methodologies to support developers who are not security experts. The security standard ISO 14508 (Common Criteria) together with secure design techniques such as UMLsec can provide the security expertise, knowledge, and guidelines that are needed. However, security expertise and guidelines are not stated explicitly in the Common Criteria. They are rather phrased in security domain terminology and difficult to understand for developers. This means that some general security and secure design expertise are required to fully take advantage of the Common Criteria and UMLsec. In addition, there is the problem of tracing security requirements and objectives into solution design,which is needed for proof of requirements fulfilment. This paper describes a security requirements engineering methodology called SecReq. SecReq combines three techniques: the Common Criteria, the heuristic requirements editorHeRA, andUMLsec. SecReqmakes systematic use of the security engineering knowledge contained in the Common Criteria and UMLsec, as well as security-related heuristics in the HeRA tool. The integrated SecReq method supports early detection of security-related issues (HeRA), their systematic refinement guided by the Common Criteria, and the ability to trace security requirements into UML design models. A feedback loop helps reusing experiencewithin SecReq and turns the approach into an iterative process for the secure system life-cycle, also in the presence of system evolution.

Pain expressiveness and altruistic behavior

Predictions which invoke evolutionary mechanisms ar e hard to test. Agent-based modeling in artificial life offers a way to simulate behaviors and interac tions in specific physical or social environments o ver many generations. The outcomes have implications fo r understanding adaptive value of behaviors in context. Pain-related behavior in animals is communicated to other animals that might protect or help, or might exploit or predate. An agent-based model simulated the effects of displaying or not displaying pain (expresser/non-expresser strategies) when injured, and of helping, ignoring or exploiting another in pain (altruistic/non-altruistic/selfish strategies) . Agents modeled in MATLAB interacted at random while foraging (gaining energy); random injury inte rrupted foraging for a fixed time unless help from an altruistic agent, who paid an energy cost, speeded recovery. Environmental and social conditions also varied, and each model ran for 10,000 iterations. Findings were meaningful in that, in general, conti ngencies evident from experimental work with a variety of mammals, over a few interactions, were r eplicated in the agent-based model after selection pressure over many generations. More energy-demandi ng expression of pain reduced its frequency in successive generations, and increasing injury frequ ency resulted in fewer expressers and altruists. Allowing exploitation of injured agents decreased e xpression of pain to near zero, but altruists remained. Decreasing costs or increasing benefits o f helping hardly changed its frequency, while increasing interaction rate between injured agents and helpers diminished the benefits to both. Agent- based modeling allows simulation of complex behavio urs and environmental pressures over evolutionary time.