Handling Obstacles in Goal-Oriented Requirements Engineering
IEEE Transactions on Software Engineering - special section on current trends in exception handling—part II
Towards requirements-driven information systems engineering: the Tropos project
Information Systems - The 13th international conference on advanced information systems engineering (CAiSE*01)
SecureUML: A UML-Based Modeling Language for Model-Driven Security
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
UMLsec: Extending UML for Secure Systems Development
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Using Abuse Case Models for Security Requirements Analysis
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Tropos: An Agent-Oriented Software Development Methodology
Autonomous Agents and Multi-Agent Systems
Elaborating Security Requirements by Construction of Intentional Anti-Models
Proceedings of the 26th International Conference on Software Engineering
Using Abuse Frames to Bound the Scope of Security Problems
RE '04 Proceedings of the Requirements Engineering Conference, 12th IEEE International
Eliciting security requirements with misuse cases
Requirements Engineering
Modeling Security Requirements Through Ownership, Permission and Delegation
RE '05 Proceedings of the 13th IEEE International Conference on Requirements Engineering
Alignment of Misuse Cases with Security Risk Management
ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
Integrating security and systems engineering: towards the modelling of secure information systems
CAiSE'03 Proceedings of the 15th international conference on Advanced information systems engineering
Mal-activity diagrams for capturing attacks on business processes
REFSQ'07 Proceedings of the 13th international working conference on Requirements engineering: foundation for software quality
A goal oriented approach for modeling and analyzing security trade-offs
ER'07 Proceedings of the 26th international conference on Conceptual modeling
Modelling risk and identifying countermeasure in organizations
CRITIS'06 Proceedings of the First international conference on Critical Information Infrastructures Security
Towards a comprehensive framework for secure systems development
CAiSE'06 Proceedings of the 18th international conference on Advanced Information Systems Engineering
Modeling social and individual trust in requirements engineering methodologies
iTrust'05 Proceedings of the Third international conference on Trust Management
Conceptual Modeling: Foundations and Applications
ER '09 Proceedings of the 28th International Conference on Conceptual Modeling
Towards a decision model based on trust and security risk management
AISC '09 Proceedings of the Seventh Australasian Conference on Information Security - Volume 98
Using special use cases for security in the software development life cycle
WISA'10 Proceedings of the 11th international conference on Information security applications
Towards transformation guidelines from secure tropos to misuse cases (position paper)
Proceedings of the 7th International Workshop on Software Engineering for Secure Systems
Towards legal privacy risk assessment and specification
TrustBus'11 Proceedings of the 8th international conference on Trust, privacy and security in digital business
Aligning mal-activity diagrams and security risk management for security requirements definitions
REFSQ'12 Proceedings of the 18th international conference on Requirements Engineering: foundation for software quality
A Unified Use-Misuse Case Model for Capturing and Analysing Safety and Security Requirements
International Journal of Information Security and Privacy
Comparing Misuse Case and Mal-Activity Diagrams for Modelling Social Engineering Attacks
International Journal of Secure Software Engineering
Countermeasure graphs for software security risk assessment: An action research
Journal of Systems and Software
Comparing attack trees and misuse cases in an industrial setting
Information and Software Technology
Hi-index | 0.00 |
Security is a major target for today's information systems (IS) designers. Security modelling languages exist to reason on security in the early phases of IS development, when the most crucial design decisions are made. Reasoning on security involves analysing risk, and effectively communicating risk-related information. However, we think that current languages can be improved in this respect. In this paper, we discuss this issue for Secure Tropos, the language supporting the eponymous agent-based IS development. We analyse it and suggest improvements in the light of an existing reference model for IS security risk management. This allows for checking Secure Tropos concepts and terminology against those of current risk management standards, thereby improving the conceptual appropriateness of the language. The paper follows a running example, called eSAP, located in the healthcare domain.