Risk assessment as an argumentation game
| Title | Risk assessment as an argumentation game |
| Publication Type | Conference Paper |
| Year of Publication | 2013 |
| Authors | Prakken H., Ionita D., Wieringa R.J |
| Editor | Leite J., Son T.C, Torrini P., Van Der Torre L., Woltran S. |
| Conference Name | 14th International Workshop on Computational Logic in Multi-Agent Systems, CLIMA XIV, Corunna, Spain |
This paper explores the idea that IT security risk assessment can be formalized as an argumentation game in which assessors argue about how the system can be attacked by a threat agent and defended by the assessors. A system architecture plus assumptions about the environment is specified as an ASPIC+ argumentation theory, and an argument game is defined for exchanging arguments between assessors and hypothetical threat agents about whether the specification satisfies a given security requirement. Satisfaction is always partial and involves a risk assessment of the assessors. The game is dynamic in that the players can both add elements to and delete elements from the architecture specification. The game is shown to respect the underlying argumentation logic in that for any logically completed game 'won' by the defender, the security requirement is a justified conclusion from the architecture specification at that stage of the game.