Incorporating Nontechnical Attributes in
Multi-attribute Analysis for Security

Authors: Shawn A. Butler and Mary Shaw

Position paper for the Fourth Workshop on Economics-Driven Software Engineering Research (EDSER-4), affiliated with the 24th International Conference on Software Engineering (ICSE'02), May 2002, pp. 45-48.

Download the PDF version.    


The most obvious considerations that affect an organization's choice of security technologies are the threats the organization considers significant and the cost-effectiveness of various security technologies against those threats.  In practice, however, the choice is also strongly driven by less tangible, more nontechnical, considerations such as ease of implementation and maintenance, fit with organizational culture, or intuitive appeal to security personnel.  We originally designed the Security Attribute Evaluation Method (SAEM) to respond to the former considerations.  As SAEM has evolved, its multi-attribute risk elicitation and sensitivity analysis also address the latter considerations by helping security engineers make consistent judgments, focus on the highest points of leverage, and understand the implications of potential changes.  As a result, the benefit of the method lies not only in its recommendations, but also in its ability to sharpen the security engineers' understanding of their needs and options.


Brought to you by Composable Software Systems Research Group in the School of Computer Science at Carnegie Mellon University.

[Last modified 26-April-02. Mail suggestions to the Maintainer.]