Argumentation-Based Security Requirements Analysis: BitMessage Case Study

Developers have to ensure that their systems meet certain security requirements. Structured argumentation can be a powerful tool for developers to deal with system behavior, vulnerabilities, and threats. Haley's framework is based on construction of a context for the system, representing security requirements as constraints, and developing satisfaction arguments for the security requirements. Incomplete and uncertain information and limited resources force the developers to settle for good-enough security. Risk assessment in Security Argumentation (RISA) extends Haley's method with risk assessment. RISA uses publicly available catalogs of security expertise and most common attack patterns to support risk assessment. These catalogs provide valuable information to the assessment process and help the developers identify mitigations for security requirements satisfaction. RISA developers stated the most pressing issue of their future work is the validation of RISA. In previous studies, no validation of RISA framework has been done on a complex system. Hence, this work evaluates RISA framework by applying it to the security requirements analysis of the address generation module of the decentralized, peer-to-peer communication protocol BitMessage. In addition, based on this analysis, we suggest a new set of requirements to improve the security of the current BitMessage client version.