Assessing security and privacy behavioural risks for self-protection systems

Yijun Yu*, Yoshioka Nobukazu, Tetsuo Tamai

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingChapter

3 Citations (Scopus)


Security and privacy can often be considered from two perspectives. The first perspective is that of the attacker who seeks to exploit vulnerabilities of the system to harm assets such as the software system itself or its users. The second perspective is that of the defender who seeks to protect the assets by minimising the likelihood of attacks on those assets. This chapter focuses on analysing security and privacy risks from these two perspectives considering both the software system and its uncertain environment including uncertain human behaviours. These risks are dynamically changing at runtime, making them even harder to analyse. To compute the range of these risks, we highlight how to alternate between the attacker and the defender perspectives as part of an iterative process. We then quantify the risk assessment as part of adaptive security and privacy mechanisms complementing the logic reasoning of qualitative risks in argumentation (Yu et al., J Syst Softw 106:102(replacement character)116, 2015). We illustrate the proposed approach through the risk analysis of examples in security and privacy.

Original languageEnglish
Title of host publicationEngineering adaptive software systems
Subtitle of host publicationCommunications of nii shonan meetings
PublisherSpringer Singapore
Number of pages13
ISBN (Electronic)9789811321856
ISBN (Print)9789811321849
Publication statusPublished - 2019 Jan 14
Externally publishedYes

ASJC Scopus subject areas

  • Computer Science(all)


Dive into the research topics of 'Assessing security and privacy behavioural risks for self-protection systems'. Together they form a unique fingerprint.

Cite this