Security Requirements Engineering for Service-Oriented Applications

Security Requirements Engineering (SRE) is concerned with detecting and analysing security issues early in the software development process. Some variants of i* start from the early requirements phase and rely on modelling actors and their dependencies. Though useful for traditional information systems development, these approaches adopt a bird's eye perspective that is inadequate for service-oriented applications, in which multiple autonomous and heterogeneous agents interact to achieve their own strategic interests. In this paper we present SecCo (Security via Commitments), a novel SRE framework expressly designed for service-oriented settings. The key intuition is to relate security requirements to interaction. To do so, we specify security requirements in terms of social commitments, which are promises with contractual validity between agents. These commitments describe the security properties the service provider commits to ensure to the consumer while delivering the service.
