Modelling the interplay of security, privacy and trust in sociotechnical systems: a computer-aided design approach

Personal data have become a central asset for many enterprise applications and online services offered by private companies, public organisations or a combination of both. The sensitivity of such data, and the continuously growing body of legislation that governs their management, call for methods that support the development of more secure, trustworthy software systems with a focus on privacy protection. The contribution of this paper is the definition of a novel requirements engineering method that supports both early and late requirements specification, with emphasis on security, privacy and trust. The novelty of our work is that it provides the means for software designers and security experts to analyse the system-to-be from multiple aspects, starting from identifying high-level goals, through the definition of business process composition, to the elicitation of mechanisms that fortify the system against external threats. The method is supported by two CASE tools. To demonstrate the applicability and usefulness of our work, the paper shows its application to a real-world case study.
