Title: A framework for the extension and visualisation of cyber security requirements in modelling languages
Author: Maines, C. L.
ISNI: 0000 0004 7223 5888
Awarding Body: Liverpool John Moores University
Current Institution: Liverpool John Moores University
Date of Award: 2018
Availability of Full Text:
Access from EThOS:
Full text unavailable from EThOS. Thesis embargoed until 11 Apr 2023
Almost half of UK firms claim to have been subject to some sort of cyber-attack or breach in the last 12 months, with an average cost per incident being around £20,000. Yet, even in the face of these ever-mounting threats, cyber security is still treated as an afterthought throughout the systems development lifecycle (SDLC). Though literature is aiming to rectify this mindset through the proposal of multiple software security solutions, there is still a noticeable absence of any usable, expressive tool for designing cyber security into a system at the requirements stages of the SDLC. By not practising secure by design, there is a risk of: poor defences, confused developers with no security guidelines to work from, a potential redesign of core functionality and very expensive patch management. There have been several attempts at producing a solution, with modelling languages presenting themselves as the perfect platform to specify such designs. One can observe multiple publications throughout literature which propose the extension of these languages to include security expression. However, the ability of these propositions to provide comprehensive expression of the cyber security domain and remain usable alongside their parent modelling language remains an elusive endeavour. The aim of this thesis is to produce a solution which ensures the practicability of expressive and usable secure by design tool implementation. That is, to conduct an evaluation of existing attempts at security extension, extract heuristics based on their current failings, and combine them with proven scientific principles to produce a framework which will act as its own form of methodology to guide the development of a security extension to modelling languages.
Supervisor: Zhou, B. ; Tang, S. ; Shi, Q.
Sponsor: Not available
Qualification Name: Thesis (Ph.D.)
Qualification Level: Doctoral
Keywords: QA75 Electronic computers. Computer science ; QA76 Computer software