论文信息 - Analysing Security Requirements of Information Systems Using Tropos

Analysing Security Requirements of Information Systems Using Tropos

Security is an important issue when developing complex information systems, however very little work has been done in integrating security concerns during the analysis of information systems. Current methodologies fail to adequately integrate security and systems engineering, basically because they lack concepts and models as well as a systematic approach towards security. We believe that security should be considered during the whole development process and it should be defined together with the requirements specification. This paper introduces extensions to the Tropos methodology to accommodate security. A description of new concepts is given along with an explanation of how these concepts are integrated to the current stages of Tropos. The above is illustrated using an agent-based health and social care information system as a case study.

Haralambos Mouratidis | Paolo Giorgini | Abdullah Gani | Gordon A. Manson

[1] Haralambos Mouratidis,et al. Using Tropos Methodology to Model an Integrated Health Assessment System , 2002, AOIS@CAiSE.

[2] Marco Pistore,et al. Model checking early requirements specifications in Tropos , 2001, Proceedings Fifth IEEE International Symposium on Requirements Engineering.

[3] Ivar Jacobson,et al. The Unified Software Development Process , 1999 .

[4] Haralambos Mouratidis,et al. Analysis and Design of the eSAP: An Integrated Health and Social Care Information System , 2003, Health Informatics J..

[5] William Stallings,et al. Cryptography and Network Security: Principles and Practice , 1998 .

[6] Luiz Marcio Cysneiros,et al. Designing for privacy and other competing requirements , 2002 .

[7] Premkumar T. Devanbu,et al. Software engineering for security: a roadmap , 2000, ICSE '00.

[8] Butler W. Lampson,et al. 31. Paper: Computer Security in the Real World Computer Security in the Real World , 2022 .

[9] Stephen Fickas,et al. Goal-Directed Requirements Acquisition , 1993, Sci. Comput. Program..

[10] Catherine A. Meadows,et al. A model of computation for the NRL Protocol Analyzer , 1994, Proceedings The Computer Security Foundations Workshop VII.