Abstract
This paper explores the idea that IT security risk assessment can be formalized as an argumentation game in which assessors argue about how the system can be attacked by a threat agent and defended by the assessors. A system architecture plus assumptions about the environment is specified as an ASPIC+ argumentation theory, and an argument game is defined for exchanging arguments between assessors and hypothetical threat agents about whether the specification satisfies a given security requirement. Satisfaction is always partial and involves a risk assessment of the assessors. The game is dynamic in that the players can both add elements to and delete elements from the architecture specification. The game is shown to respect the underlying argumentation logic in that for any logically completed game "won" by the defender, the security requirement is a justified conclusion from the architecture specification at that stage of the game.
© 2013 Springer-Verlag Berlin Heidelberg
Cite this paper
Prakken, H., Ionita, D., Wieringa, R. (2013). Risk Assessment as an Argumentation Game. In: Leite, J., Son, T.C., Torroni, P., van der Torre, L., Woltran, S. (eds) Computational Logic in Multi-Agent Systems. CLIMA 2013. Lecture Notes in Computer Science, vol 8143. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40624-9_22
DOI: https://doi.org/10.1007/978-3-642-40624-9_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40623-2
Online ISBN: 978-3-642-40624-9
eBook Packages: Computer Science (R0)