Title: Towards Quantitative Goal Modelling of Security Requirements
Speaker: Emmanuel Letier, UCL, UK

Abstract:
Security goals can generally not be satisfied in an absolute sense. They are often conflicting with other important concerns such as usability, cost, and performance, so that the amount of security provided by the system must be balanced against the satisfaction of other goals. Various qualitative and quantitative frameworks have been proposed to support reasoning about partial goal satisfaction in order to guide such tradeoffs. In general they lead to limited conclusions due to the lack of accuracy and measurability of goal formulations and contribution links.

During this talk, we will present a framework for specifying partial degrees of goal satisfaction in a precise and easurable way, and for quantifying the impact of alternative system designs on the degree of goal satisfaction. The approach consists in enriching goal refinement models with a probabilistic layer for reasoning about partial satisfaction. We will explore the possibility of applying this framework to security goals. Excerpts from an industrial case study involving the elaboration f requirements for a financial fraud detection system will be used to illustrate the techniques and issues involved.

Bio:
Emmanuel Letier is lecturer and programme director for the MSc in Software Systems Engineering in the Department of Computer Science, University College London. His research interests are in systems requirements engineering, formal specification, and software design. http://www.cs.ucl.ac.uk/staff/e.letier/