Risk Assessment as an Argumentation Game
نویسندگان
چکیده
This paper explores the idea that IT security risk assessment can be formalized as an argumentation game in which assessors argue about how the system can be attacked by a threat agent and defended by the assessors. A system architecture plus assumptions about the environment is specified as an ASPIC argumentation theory, and an argument game is defined for exchanging arguments between assessors and hypothetical threat agents about whether the specification satisfies a given security requirement. Satisfaction is always partial and involves a risk assessment of the assessors. The game is dynamic in that the players can both add elements to and delete elements from the architecture specification. The game is shown to respect the underlying argumentation logic in that for any logically completed game ‘won’ by the defender, the security requirement is a justified conclusion from the architecture specification at that stage of the game.
منابع مشابه
Risk management in urban tunnels using methods of game theory and multi-criteria decision-making
In general, underground spaces are associated with high risks because of their high uncertainty in geotechnical environments. Since most accidents and incidents in these structures are often associated with uncertainty, the development of risk analysis and management methods and prevention of accidents are essential. A deeper recognition of the factors affecting the implementation process can p...
متن کاملMODELING RISK OF LOSING A CUSTOMER IN A TWO-ECHELON SUPPLY CHAIN FACING AN INTEGRATED COMPETITOR: A GAME THEORY APPROACH
In a competitive market, customer decision is made to maximize his utility. It can be assumed that risk of losing a supply chain’s customer can be defined based on products utility from customer point of view. This paper takes account of product price and service level as competition criteria. The proposed model is based on non-cooperative game theory, for one-manufacturer and one-retailer supp...
متن کاملA New Method in Bankruptcy Assessment Using DEA Game Theory
One of the most important economic concepts is evaluation and bankruptcy prediction. Financial events, which an organization could be, exposed to serious risks and it goes bankruptcy. Therefore, prediction and assessment bankruptcy enable organizations that to be familiar the financial risks and resolve their financial deficiencies. So in this paper, we discuss one of the most important economi...
متن کاملArgumentation and Risk Assessment
Over the last ten years we have been involved in the development of a formal framework for decision making and reasoning under uncertainty based on "argumentation". The latter provides a way of managing uncertainty which differs from probabilistic inference and is particularly valuable in those many practical situations where uncertainty cannot be quantified. Recently we have been applying argu...
متن کاملExtensive-Form Argumentation Games
Two prevalent approaches to automated negotiation are the application of game-theoretic notions and the argumentation-based angle; these two schemes are frequently at odds. An elegant view of argumentation is Dung’s abstract argumentation theory [2], which cold-shoulders the internal structure of arguments in favor of the entire debate’s global structure. Dung’s theory is elaborated by work in ...
متن کامل