Evaluation of MUSER, a holistic security requirements analysis framework

摘要

Security has been a growing concern for large organizations, especially financial and governmental institutions, as security breaches in the systems they depend on have repeatedly resulted in billions of dollars in losses per year, and this cost is on the rise. A primary reason for these breaches is that the systems in question are socio-technical - a mix of people, processes, technology and infrastructure. However, such systems are designed in a piecemeal rather than a holistic fashion, leaving parts of the system vulnerable. To tackle this problem, a three-realm security requirements framework was proposed to holistically analyse security requirements in different conceptual realms, including social realm (business processes, social actors), a software realm (software applications that support the social realm) and an infrastructure realm (physical and technological infrastructure). In this paper we evaluate this security requirements analysis framework. The evaluation was performed by two graduate students using a large scale case study on a medical emergency response system.