Requirements engineering for trust management: model, methodology, and reasoning

A number of recent proposals aim to incorporate security engineering into mainstream software engineering. Yet, capturing trust and security requirements at an organizational level, as opposed to an IT system level, and mapping these into security and trust management policies is still an open problem. This paper proposes a set of concepts founded on the notions of ownership, permission, and trust and intended for requirements modeling. It also extends Tropos, an agent-oriented software engineering methodology, to support security requirements engineering. These concepts are formalized and are shown to support the automatic verification of security and trust requirements using Datalog. To make the discussion more concrete, we illustrate the proposal with a Health Care case study.
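The abstract says the ownership, permission and trust concepts are formalized so that security and trust requirements can be checked automatically with Datalog. The following is an added illustration of what that kind of check looks like in practice; it is not code from the paper, and the predicate names (`owns`, `delegate_perm`, `trusts`, `has_perm`), the three rules, the two checks and the Health Care facts are all assumptions chosen for this example rather than the paper's actual axiomatization. It implements a minimal bottom-up Datalog evaluator in Python, derives which actors end up holding permission on a patient's medical record through chains of delegation, and then flags two classes of requirement violation: a delegation by an actor who never held the permission, and a delegation to an actor the record's owner does not (transitively) trust.

```python
"""Added example (not from the paper): toy Datalog-style fixpoint reasoning over
ownership, delegation of permission and trust. Predicates, rules and facts are
illustrative assumptions, not the paper's formal model."""


def is_var(term):
    # Convention: terms starting with an uppercase letter are variables.
    return isinstance(term, str) and term[:1].isupper()


def unify(pattern, fact, env):
    """Extend env so that pattern (may contain variables) matches the ground fact."""
    if pattern[0] != fact[0] or len(pattern) != len(fact):
        return None
    env = dict(env)
    for p, f in zip(pattern[1:], fact[1:]):
        if is_var(p):
            if p in env and env[p] != f:
                return None
            env[p] = f
        elif p != f:
            return None
    return env


def solve(body, facts, env=None):
    """Yield every variable binding that satisfies all literals of a rule body."""
    env = env or {}
    if not body:
        yield env
        return
    first, rest = body[0], body[1:]
    for fact in facts:
        bound = unify(first, fact, env)
        if bound is not None:
            yield from solve(rest, facts, bound)


def substitute(head, env):
    return tuple(env.get(t, t) if is_var(t) else t for t in head)


def fixpoint(facts, rules):
    """Naive bottom-up evaluation: apply rules until no new fact is derived."""
    facts = set(facts)
    while True:
        new = {substitute(head, env) for head, body in rules for env in solve(body, facts)}
        if new <= facts:
            return facts
        facts |= new


# Assumed rules (not the paper's): owners hold permission; permission flows along
# delegations only from actors that hold it; trust is transitive per service.
RULES = [
    (("has_perm", "A", "S"), [("owns", "A", "S")]),
    (("has_perm", "B", "S"), [("delegate_perm", "A", "B", "S"), ("has_perm", "A", "S")]),
    (("trusts", "A", "C", "S"), [("trusts", "A", "B", "S"), ("trusts", "B", "C", "S")]),
]

# Constructed Health Care facts (illustrative only).
FACTS = {
    ("owns", "patient", "medical_record"),
    ("delegate_perm", "patient", "hospital", "medical_record"),
    ("delegate_perm", "hospital", "doctor", "medical_record"),
    ("delegate_perm", "hospital", "insurer", "medical_record"),  # owner never trusted insurer
    ("delegate_perm", "clerk", "lab", "medical_record"),         # clerk never held permission
    ("trusts", "patient", "hospital", "medical_record"),
    ("trusts", "hospital", "doctor", "medical_record"),
}


def has_permission(facts):
    """Set of (actor, service) pairs holding permission after delegation chains."""
    return {(f[1], f[2]) for f in fixpoint(facts, RULES) if f[0] == "has_perm"}


def delegations_without_permission(facts):
    """Delegations issued by an actor who does not hold the permission being delegated."""
    closure = fixpoint(facts, RULES)
    return {(a, b, s) for (p, a, b, s) in (f for f in closure if f[0] == "delegate_perm")
            if ("has_perm", a, s) not in closure}


def untrusted_delegations(facts):
    """Delegations whose recipient the service owner does not transitively trust."""
    closure = fixpoint(facts, RULES)
    owner_of = {f[2]: f[1] for f in closure if f[0] == "owns"}
    bad = set()
    for (_, a, b, s) in (f for f in closure if f[0] == "delegate_perm"):
        owner = owner_of.get(s)
        if owner is not None and ("trusts", owner, b, s) not in closure:
            bad.add((a, b, s))
    return bad


if __name__ == "__main__":
    print("permissions:", sorted(has_permission(FACTS)))
    print("delegated without permission:", sorted(delegations_without_permission(FACTS)))
    print("delegated to untrusted actor:", sorted(untrusted_delegations(FACTS)))
```

The evaluator is deliberately naive (it recomputes every rule each round), which is fine for a requirements model with dozens of actors but is not how a production Datalog engine such as the DLV system works. The two checks are computed after the fixpoint rather than as negated rule bodies, which sidesteps the need for stratified negation in the evaluator while still answering the question a reviewer of the model cares about: does any delegation in the diagram hand permission to someone the owner has not, directly or indirectly, trusted?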
