A Model and Decision Method for Selecting Security Technologies
During system development, software engineers make many design decisions related to fault tolerance, performance, scalability, and security. Today's software engineer tries to balance system requirements, budgets, and schedule constraints to achieve the best possible system for the money and time allocated. In the case of security, most engineers still rely on checklists to determine security requirements and/or marketing literature to select security components.

Although checklists ensure that general security countermeasures are included as part of the system design, they are not useful in making more detailed design decisions. Detailed design decisions are often based on a combination of factors, such as security countermeasure functionality, threat expectations, expected countermeasure benefits, risk preference, and other decision criteria. Many of these factors include a highly subjective component, which makes it difficult for the inexperienced security engineer to make well-reasoned design decisions.

In this thesis, I propose to address the security technology selection problem, i.e. the task of selecting specific types of security countermeasures for large software systems. This thesis will develop a model and method that will assist software engineers in making detailed design decisions about security components. The model and method will rely on characterizing security technologies to include decision-relevant attributes. I also propose to use 5-6 real-world software systems as case studies to develop and validate the model and decision method.