Graphical Modeling of Security Arguments: Current State and Future Directions

  • Dan IonitaEmail author
  • Margaret Ford
  • Alexandr Vasenev
  • Roel Wieringa
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10744)


Identifying threats and risks to complex systems often requires some form of brainstorming. In addition, eliciting security requirements involves making traceable decisions about which risks to mitigate and how. The complexity and dynamics of modern socio-technical systems mean that their security cannot be formally proven. Instead, some researchers have turned to modeling the claims underpinning a risk assessment and the arguments which support security decisions. As a result, several argumentation-based risk analysis and security requirements elicitation frameworks have been proposed. These draw upon existing research in decision making and requirements engineering. Some provide tools to graphically model the underlying argumentation structures, with varying degrees of granularity and formalism. In this paper, we compare these approaches, discuss their applicability and suggest avenues for future research. We find that the core of existing security argumentation frameworks are the links between threats, risks, mitigations and system components. Graphs - a natural representation for these links - are used by many graphical security argumentation tools. But, in order to be human-readable, the graphical models of these graphs need to be both scalable and easy to understand. Therefore, in order to facilitate adoption, both the creation and exploration of these graphs need to be streamlined.


Risk assessment Security requirements Argumentation Graphical modeling 


  1. 1.
    Adelard Safety Case Development (ASCAD) Manual, London, UK (2010)Google Scholar
  2. 2.
    Beel, J., Langer, S.: An exploratory analysis of mind maps. In: Proceedings of the 11th ACM Symposium on Document Engineering, pp. 81–84. ACM (2011)Google Scholar
  3. 3.
    Bloomfield, R.E., Guerra, S., Miller, A., Masera, M., Weinstock, C.B.: International working group on assurance cases (for security). IEEE Secur. Priv. 4(3), 66–68 (2006)CrossRefGoogle Scholar
  4. 4.
    Breaux, T.D., Baumer, D.L.: Legally “reasonable” security requirements: a 10-year FTC retrospective. Comput. Secur. 30(4), 178–193 (2011)CrossRefGoogle Scholar
  5. 5.
    Buckingham Shum, S.: The Roots of Computer Supported Argument Visualization, pp. 3–24. Springer, London (2003)Google Scholar
  6. 6.
    Campbell-Kelly, M.: The History of Mathematical Tables: From Sumer to Spreadsheets. Oxford University Press, Oxford (2003)Google Scholar
  7. 7.
    Cleland, G.M., Habli, I., Medhurst, J.: Evidence: Using Safety Cases in Industry and Healthcare. The Health Foundation, London (2012)Google Scholar
  8. 8.
    Cyra, L., Górski, J.: Support for argument structures review and assessment. Reliab. Eng. Syst. Saf. 96(1), 26–37 (2011). Special Issue on Safecomp 2008CrossRefGoogle Scholar
  9. 9.
    Defence standard 00-56 issue 4 (part 1): Safety management requirements for defence systems, July 2007Google Scholar
  10. 10.
    Emmet, L.: Using claims, arguments and evidence: a pragmatic view-and tool support in ASCE.
  11. 11.
    Eppler, M.J.: A comparison between concept maps, mind maps, conceptual diagrams, and visual metaphors as complementary tools for knowledge construction and sharing. Inf. Vis. 5(3), 202–210 (2006)CrossRefGoogle Scholar
  12. 12.
    Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Off. J. Eur. Union L119/59, 1–88, May 2016.
  13. 13.
    Firesmith, D.G.: Analyzing and specifying reusable security requirements. Technical report DTIC Document (2003)Google Scholar
  14. 14.
    Fischer, G., Lemke, A.C., McCall, R., Morch, A.I.: Making argumentation serve design. Hum.-Comput. Interact. 6(3), 393–419 (1991)CrossRefGoogle Scholar
  15. 15.
    Franqueira, V.N.L., Tun, T.T., Yu, Y., Wieringa, R., Nuseibeh, B.: Risk and argument: a risk-based argumentation method for practical security. In: RE, pp. 239–248. IEEE (2011)Google Scholar
  16. 16.
    Gold, J.: Data breaches and computer hacking: liability & insurance issues. American Bar Association’s Government Law Committee Newsletter Fall (2011)Google Scholar
  17. 17.
    Goodwin, J., Fisher, A.: Wigmore’s chart method. Inf. Logic 20(3), 223–243 (2000)Google Scholar
  18. 18.
    Górski, J., Jarz̧bowicz, A., Leszczyna, R., Miler, J., Olszewski, M.: Trust case justifying trust in an it solution. Reliab. Eng. Syst. Saf. 89(1), 33–47 (2005)CrossRefGoogle Scholar
  19. 19.
    Haley, C., Laney, R., Moffett, J., Nuseibeh, B.: Security requirements engineering: a framework for representation and analysis. IEEE Trans. Soft. Eng. 34(1), 133–153 (2008)CrossRefGoogle Scholar
  20. 20.
    Haley, C.B., Laney, R., Moffett, J.D., Nuseibeh, B.: Arguing satisfaction of security requirements. In: Integrating Security and Software Engineering: Advances and Future Visions, pp. 16–43 (2006)Google Scholar
  21. 21.
    Haley, C.B., Moffett, J.D., Laney, R., Nuseibeh, B.: Arguing security: validating security requirements using structured argumentation. In: Proceedings of Third Symposium on Requirements Engineering for Information Security (SREIS 2005) held in conjunction with the 13th International Requirements Engineering Conference (RE 2005) (2005)Google Scholar
  22. 22.
    Ionita, D., Bullee, J.W., Wieringa, R.J.: Argumentation-based security requirements elicitation: the next round. In: 2014 IEEE 1st Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE), pp. 7–12. Springer, Heidelberg, August 2014Google Scholar
  23. 23.
    Ionita, D., Kegel, R., Baltuta, A., Wieringa, R.: Arguesecure: out-of-the-box security risk assessment. In: 2016 IEEE 24th International Requirements Engineering Conference Workshops (REW), pp. 74–79, September 2016Google Scholar
  24. 24.
    Kelly, T., Weaver, R.: The goal structuring notation - a safety argument notation. In: Proceedings of Dependable Systems and Networks 2004 Workshop on Assurance Cases (2004)Google Scholar
  25. 25.
    Kelly, T.P.: Arguing Safety: A Systematic Approach to Managing Safety Cases. University of York, York (1999)Google Scholar
  26. 26.
    Lee, J., Lai, K.Y.: What’s in design rationale? Hum.-Comput. Interact. 6(3–4), 251–280 (1991)CrossRefGoogle Scholar
  27. 27.
    Liao, S.H.: Expert system methodologies and applications - a decade review from 1995 to 2004. Exp. Syst, Appl. 28(1), 93–103 (2005)CrossRefGoogle Scholar
  28. 28.
    Maclean, A., Young, R.M., Moran, T.P.: Design rationale: the argument behind the artefact. In: Proceedings of the Computer Human Interaction conference (CHI) (1989)Google Scholar
  29. 29.
    Markham, K.M., Mintzes, J.J., Jones, M.G.: The concept map as a research and evaluation tool: further evidence of validity. J. Res. Sci. Teach. 31(1), 91–101 (1994)CrossRefGoogle Scholar
  30. 30.
    Mosier, K.L.: Myths of expert decision making and automated decision aids. In: Naturalistic Decision Making, pp. 319–330 (1997)Google Scholar
  31. 31.
    Mylopoulos, J., Borgida, A., Jarke, M., Koubarakis, M.: Telos: representing knowledge about information systems. ACM Trans. Inf. Syst. (TOIS) 8(4), 325–362 (1990)CrossRefGoogle Scholar
  32. 32.
    Park, J.S., Montrose, B., Froscher, J.N.: Tools for information security assurance arguments. In: Proceedings of the DARPA Information Survivability Conference, DISCEX 2001, vol. 1, pp. 287–296 (2001)Google Scholar
  33. 33.
    Polikar, R.: Ensemble based systems in decision making. IEEE Circ. Syst. Mag. 6(3), 21–45 (2006)CrossRefGoogle Scholar
  34. 34.
    Prakken, H.: An abstract framework for argumentation with structured arguments. Argument Comput. 1, 93–124 (2010)CrossRefGoogle Scholar
  35. 35.
    Prakken, H., Ionita, D., Wieringa, R.: Risk assessment as an argumentation game. In: Leite, J., Son, T.C., Torroni, P., van der Torre, L., Woltran, S. (eds.) CLIMA 2013. LNCS (LNAI), vol. 8143, pp. 357–373. Springer, Heidelberg (2013). CrossRefGoogle Scholar
  36. 36.
    Rowe, J., Levitt, K., Parsons, S., Sklar, E., Applebaum, A., Jalal, S.: Argumentation logic to assist in security administration. In: Proceedings of the 2012 New Security Paradigms Workshop, NSPW 2012, pp. 43–52. ACM, New York (2012)Google Scholar
  37. 37.
    Rushby, J.: The interpretation and evaluation of assurance cases. SRI International, Menlo Park, CA, USA (2015)Google Scholar
  38. 38.
    Shum, S.J.B., MacLean, A., Bellotti, V.M.E., Hammond, N.V.: Graphical argumentation and design cognition. Hum.-Comput. Interact. 12(3), 267–300 (1997)CrossRefGoogle Scholar
  39. 39.
    Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. Requirements Eng. 10(1), 34–44 (2005)CrossRefGoogle Scholar
  40. 40.
    Toulmin, S., Rieke, R., Janik, A.: An Introduction to Reasoning. Macmillan, Basingstoke (1979)Google Scholar
  41. 41.
    Toulmin, S.E.: The Uses of Argument. Cambridge University Press, Cambridge (1958)Google Scholar
  42. 42.
    Yu, Y., Tun, T.T., Tedeschi, A., Franqueira, V.N.L., Nuseibeh, B.: Openargue: supporting argumentation to evolve secure software systems. In: 2011 IEEE 19th International Requirements Engineering Conference, pp. 351–352, August 2011Google Scholar
  43. 43.
    Yu, Y., Franqueira, V.N.L., Tun, T.T., Wieringa, R., Nuseibeh, B.: Automated analysis of security requirements through risk-based argumentation. J. Syst. Soft. 106, 102–116 (2015)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Dan Ionita
    • 1
    Email author
  • Margaret Ford
    • 2
  • Alexandr Vasenev
    • 1
  • Roel Wieringa
    • 1
  1. 1.Services, Cybersecurity and Safety groupUniversity of TwenteEnschedeThe Netherlands
  2. 2.Consult HyperionGuildfordUK

Personalised recommendations