Modelling security and trust with Secure Tropos

Although the concepts of security and trust play an important issue in the development of information systems, they have been mainly neglected by software engineering methodologies. In this chapter, we present an approach that considers security and trust throughout the software development process. Our approach integrates two prominent software engineering approaches, one that provides a security-oriented process and one that provides a trust management process. The result is the development of a methodology that considers security and trust issues as part of its development process. Such integration represents an advance over the current state of the art by providing the first effort to consider security and trust issues under a single software engineering methodology. A case study from the health domain is employed to illustrate our approach.

[1]  Serge Abiteboul,et al.  Foundations of Databases , 1994 .

[2]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[3]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[4]  Svein J. Knapskog,et al.  How to trust systems , 1997, SEC.

[5]  Rino Falcone,et al.  Principles of trust for MAS: cognitive anatomy, social importance, and quantification , 1998, Proceedings International Conference on Multi Agent Systems (Cat. No.98EX160).

[6]  John P. McDermott,et al.  Using abuse case models for security requirements analysis , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[7]  Joan Feigenbaum,et al.  The Role of Trust Management in Distributed Systems Security , 2001, Secure Internet Programming.

[8]  Sabrina De Capitani di Vimercati,et al.  Access Control: Policies, Models, and Mechanisms , 2000, FOSAD.

[9]  Lin Liu,et al.  Modelling Trust for System Design Using the i* Strategic Actors Framework , 2000, Trust in Cyber-societies.

[10]  Ross J. Anderson Security engineering - a guide to building dependable distributed systems (2. ed.) , 2001 .

[11]  Jörg P. Müller,et al.  Agent UML: A Formalism for Specifying Multiagent Software Systems , 2001, Int. J. Softw. Eng. Knowl. Eng..

[12]  John DeTreville,et al.  Binder, a logic-based security language , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[13]  John Mylopoulos,et al.  Reasoning with Goal Models , 2002, ER.

[14]  Ninghui Li,et al.  Design of a role-based trust-management framework , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[15]  John Mylopoulos,et al.  Analyzing security requirements as relationships among strategic actors , 2002 .

[16]  Vijay Karamcheti,et al.  dRBAC: distributed role-based access control for dynamic coalition environments , 2002, Proceedings 22nd International Conference on Distributed Computing Systems.

[17]  Haralambos Mouratidis,et al.  Modelling secure multiagent systems , 2003, AAMAS '03.

[18]  Haralambos Mouratidis,et al.  Multi-agent Systems and Security Requirements Analysis , 2003, SELMAS.

[19]  Jan Jürjens,et al.  Secure systems development with UML , 2004 .

[20]  John Mylopoulos,et al.  Requirements Engineering Meets Trust Management: Model, Methodology, and Reasoning , 2004, iTrust.

[21]  Andreas L. Opdahl,et al.  Eliciting security requirements with misuse cases , 2004, Requirements Engineering.

[22]  Fausto Giunchiglia,et al.  Tropos: An Agent-Oriented Software Development Methodology , 2004, Autonomous Agents and Multi-Agent Systems.

[23]  Haralambos Mouratidis,et al.  A security oriented approach in the development of multiagent systems : applied to the management of the health and social care needs of older people in England , 2004 .

[24]  Haralambos Mouratidis,et al.  When security meets software engineering: a case of modelling secure information systems , 2005, Inf. Syst..

[25]  John Mylopoulos,et al.  ST-tool: a CASE tool for security requirements engineering , 2005, 13th IEEE International Conference on Requirements Engineering (RE'05).

[26]  John Mylopoulos,et al.  Modeling security requirements through ownership, permission and delegation , 2005, 13th IEEE International Conference on Requirements Engineering (RE'05).

[27]  John Mylopoulos,et al.  Modeling Social and Individual Trust in Requirements Engineering Methodologies , 2005, iTrust.

[28]  Fabio Massacci,et al.  Security and Trust Requirements Engineering , 2005, FOSAD.