New security paradigms workshop white paper
Fletcher, S.K.; Halbgewachs, R.; Jansma, R.; Lim, J.; Murphy, M.; Wyss, G.
An historical look at software systems reveals a progression of thinking about protection and risk management. In this paper, three generations are defined. For each, we examine the prevalent views of risk, risk assessment, and risk mitigation. We also examine prevalent strategies for assurance. Many gaps exist in current knowledge of how to manage and assess risks in software systems. This paper presents a new perspective which enables comprehensive risk-based design and evaluation of systems, spanning a range of surety concerns (including correctness and safety, in addition to traditional security concerns), and addressing multiple system aspects. We believe this to be a new and unique multidisciplinary approach which transcends both traditional security approaches and traditional risk analysis methods. It facilitates a risk analysis completely tailored to the system at hand, instantiating its threats, its barriers, and its needs for risk reduction.