Security Requirements Prioritization Based on Threat Modeling and Valuation Graph

  • Keun-Young Park
  • Sang-Guun Yoo
  • Juho Kim
Part of the Communications in Computer and Information Science book series (CCIS, volume 206)


Information systems manage assets that are critical to the business processes of organizations, so it is imperative that these systems be secured from the beginning of their development life cycle. Several approaches, such as misuse cases, attack trees, and threat modeling, have been proposed for eliciting security requirements. However, these approaches do not prioritize the requirements they produce, although prioritization is necessary in many cases: for example, when the security budget is insufficient, security requirements must be prioritized to decide which countermeasures will be developed and which will not. In this paper, we propose an extension to threat modeling: a process that prioritizes security requirements through the valuation of assets, threats, and countermeasures, modeled in a tree-like structured graph that we refer to as a "valuation graph."


Keywords: Security Requirement Prioritization, Threat Modeling
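The prioritization the abstract describes, as an added illustration that is not the paper's own method or code: a small valuation graph (assets with a value, threats with a likelihood and impact, countermeasures with a cost and an effectiveness) is walked top-down to compute the expected loss each countermeasure removes, and an exact budget-constrained selection picks the set to implement. The graph shape follows the abstract; the scoring rules (annual-loss-style exposure, proportional risk reduction, 0/1 knapsack under an integer budget), the class and function names, and every figure in the sample graph are assumptions constructed for this example, since the page does not give the paper's valuation formulas.

```python
"""Valuation-graph prioritisation of countermeasures (illustrative model).

Added example; not the paper's own method or code. The graph shape follows
the abstract (asset -> threats -> countermeasures), but the scoring rules are
this example's assumptions: expected annual loss per threat, proportional
risk reduction per countermeasure, and a 0/1 knapsack for the final
selection under an integer budget. All names and figures are constructed.
"""
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class Countermeasure:
    name: str             # the security requirement this leaf stands for
    cost: int             # implementation cost, same units as the budget (>= 1)
    effectiveness: float  # fraction of the parent threat's expected loss removed


@dataclass
class Threat:
    name: str
    likelihood: float     # expected occurrences per year (assumed figure)
    impact: float         # fraction of the asset's value lost per occurrence
    countermeasures: List[Countermeasure] = field(default_factory=list)


@dataclass
class Asset:
    name: str
    value: float          # business value of the asset, root of its sub-tree
    threats: List[Threat] = field(default_factory=list)


def threat_exposure(asset: Asset, threat: Threat) -> float:
    """Expected annual loss from one threat against one asset."""
    return asset.value * threat.impact * threat.likelihood


def valuate(assets: List[Asset]) -> List[Tuple[str, float, int]]:
    """Walk the graph and return (countermeasure, loss_removed, cost) rows,
    ranked by expected loss removed per unit of cost, highest first."""
    rows = []
    for asset in assets:
        for threat in asset.threats:
            exposure = threat_exposure(asset, threat)
            for cm in threat.countermeasures:
                rows.append((cm.name, exposure * cm.effectiveness, cm.cost))
    return sorted(rows, key=lambda r: r[1] / max(r[2], 1), reverse=True)


def select_within_budget(rows, budget: int) -> Tuple[List[str], float]:
    """Exact 0/1 knapsack over integer costs: the subset of countermeasures
    that removes the most expected loss without exceeding the budget. A
    greedy walk down the ranked list can miss the optimum when costs are
    lumpy relative to the budget, so the optimum is computed directly."""
    # best[b] = (loss removed, chosen names) achievable with budget b
    best = [(0.0, [])] * (budget + 1)
    for name, gain, cost in rows:
        for b in range(budget, cost - 1, -1):      # descending: each item used once
            candidate = best[b - cost][0] + gain
            if candidate > best[b][0]:
                best[b] = (candidate, best[b - cost][1] + [name])
    removed, names = best[budget]
    return names, removed


# Constructed sample graph: two assets, three threats, four countermeasures.
SAMPLE_ASSETS = [
    Asset("Customer database", value=1_000_000, threats=[
        Threat("SQL injection", likelihood=0.5, impact=0.6, countermeasures=[
            Countermeasure("Parameterised queries", cost=20, effectiveness=0.9),
            Countermeasure("Web application firewall", cost=30, effectiveness=0.5),
        ]),
        Threat("Backup media theft", likelihood=0.2, impact=1.0, countermeasures=[
            Countermeasure("Encrypt backups at rest", cost=25, effectiveness=0.95),
        ]),
    ]),
    Asset("Public website", value=100_000, threats=[
        Threat("Defacement", likelihood=1.0, impact=0.3, countermeasures=[
            Countermeasure("File integrity monitoring", cost=10, effectiveness=0.8),
        ]),
    ]),
]


if __name__ == "__main__":
    ranked = valuate(SAMPLE_ASSETS)
    for name, gain, cost in ranked:
        print(f"{name:28s} removes {gain:>10,.0f} expected loss at cost {cost}")
    chosen, removed = select_within_budget(ranked, budget=50)
    print(f"Within budget 50: {chosen} removing {removed:,.0f}")
```

With the sample figures the ranked list places parameterised queries first (270,000 of expected loss removed for a cost of 20) and file integrity monitoring last, and a budget of 50 selects parameterised queries plus backup encryption, leaving the firewall unfunded even though it ranks above integrity monitoring: the knapsack, not the rank order alone, decides what fits.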





Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Keun-Young Park (1)
  • Sang-Guun Yoo (1)
  • Juho Kim (1)
  1. Department of Computer Science and Engineering, Sogang University, Seoul, Korea
