We propose to explore the feasibility of adapting an existing CASE tool to create a high-level risk and threat analysis system that enables sponsors, developers, and accreditors of Navy C4I systems to quickly capture and display security requirements and associated threats and risks. In Phase I we will: 1) define the problem; 2) select and demonstrate existing CASE tools; and 3) scope and plan modifications. In our feasibility study we will consider: 1) A fuzzy expert system to support representing and reasoning about high-level requirements and related threats and risks; 2) Animation and simulation to help users visualize threat scenarios and identify missing security requirements; 3) Graphic "what-if" analysis to compare the cost-effectiveness of different safeguards and countermeasures; and 4) Methods to manage classified threats and vulnerabilities. The adapted CASE tool will be Useful for rapid security requirement prototyping, and risk analysis for a variety of military systems.
Keywords: Threat Analysis Risk Analysis Fuzzy Systems Case
