
Research collaboration on security resulted in ICSE 2016 Paper

We are delighted to announce that our ongoing collaboration with researchers from Lancaster University and University of Leicester has recently resulted in a paper accepted at the premier conference on software engineering, the International Conference on Software Engineering (ICSE), to be organised in Austin, USA in 2016. The title of the accepted paper is Discovering “Unknown Known” Security Requirements, and its abstract is:
Security is one of the biggest challenges facing organisations in the modern hyper-connected world. A number of ‘theoretical’ security models are available that provide best practice security guidelines and are widely utilised as a basis to identify and operationalise security requirements. Such models often capture high-level security concepts (e.g., whitelisting, secure configurations, wireless access control, data recovery, etc.), strategies for operationalising such concepts through specific security controls, and relationships between the various concepts and controls. The threat landscape, however, evolves leading to new tacit knowledge that is embedded in or across a variety of security incidents. These unknown knowns alter, or at least demand reconsideration of the theoretical security models underpinning security requirements. In this paper, we present an approach to discover such unknown knowns through multi-incident analysis. The approach is based on a novel combination of grounded theory and incident fault trees. We demonstrate the effectiveness of the approach through its application to identify revisions to a theoretical security model widely used in industry.
