When security meets software engineering: a case of modelling secure information systems

Authors:
Haralambos Mouratidis;Paolo Giorgini;Gordon Manson
Affiliations:
Department of Computer Science, University of Sheffield, UK;Department of Information and Communication Technology, University of Trento, Italy;Department of Computer Science, University of Sheffield, UK
Venue:
Information Systems
Year:
2005

Citing 18
Cited 13

Dealing with non-functional requirements: three experimental studies of a process-oriented approach

Proceedings of the 17th international conference on Software engineering
SAAM: a method for analyzing the properties of software architectures

ICSE '94 Proceedings of the 16th international conference on Software engineering
Software architecture in practice

Software architecture in practice
Cryptography and network security (2nd ed.): principles and practice

Cryptography and network security (2nd ed.): principles and practice
Seven good reasons for mobile agents

Communications of the ACM
Design and use of software architectures: adopting and evolving a product-line approach

Design and use of software architectures: adopting and evolving a product-line approach
Security Engineering: A Guide to Building Dependable Distributed Systems

Security Engineering: A Guide to Building Dependable Distributed Systems
SecureUML: A UML-Based Modeling Language for Model-Driven Security

UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Reasoning with Goal Models

ER '02 Proceedings of the 21st International Conference on Conceptual Modeling
A Goal-Based Organizational Perspective on Multi-agent Architectures

ATAL '01 Revised Papers from the 8th International Workshop on Intelligent Agents VIII
A Requirements-Driven Development Methodology

CAiSE '01 Proceedings of the 13th International Conference on Advanced Information Systems Engineering
Using Abuse Case Models for Security Requirements Analysis

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Model Checking Early Requirements Specifications in Tropos

RE '01 Proceedings of the Fifth IEEE International Symposium on Requirements Engineering
Modelling strategic relationships for process reengineering

Modelling strategic relationships for process reengineering
Architectural styles and the design of network-based software architectures

Architectural styles and the design of network-based software architectures
Tropos: An Agent-Oriented Software Development Methodology

Autonomous Agents and Multi-Agent Systems
SP 800-19. Mobile Agent Security

SP 800-19. Mobile Agent Security
Countermeasures for mobile agent security

Computer Communications

Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development

CAiSE '08 Proceedings of the 20th international conference on Advanced Information Systems Engineering
Modelling Trust Requirements by Means of a Visualization Language

REV '08 Proceedings of the 2008 Requirements Engineering Visualization
Social Modeling and i*

Conceptual Modeling: Foundations and Applications
Allocating goals to agent roles during MAS requirements engineering

AOSE'06 Proceedings of the 7th international conference on Agent-oriented software engineering VII
A Personal Data Audit Method through Requirements Engineering

Computer Standards & Interfaces
Information systems development: a trust ontology

OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems - Volume Part I
A framework to support alignment of secure software engineering with legal regulations

Software and Systems Modeling (SoSyM)
Capturing security requirements in business processes through a UML 2.0 activity diagrams profile

CoMoGIS'06 Proceedings of the 2006 international conference on Advances in Conceptual Modeling: theory and practice
Towards a UML 2.0 extension for the modeling of security requirements in business processes

TrustBus'06 Proceedings of the Third international conference on Trust, Privacy, and Security in Digital Business
Security patterns meet agent oriented software engineering: a complementary solution for developing secure information systems

ER'05 Proceedings of the 24th international conference on Conceptual Modeling
Idea: reusability of threat models – two approaches with an experimental evaluation

ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Survey and analysis on Security Requirements Engineering

Computers and Electrical Engineering
A privacy framework for the personal web

The Personal Web

Quantified Score

Hi-index	0.00

Visualization

Abstract

Although security is a crucial issue for information systems, traditionally, it is considered after the definition of the system. This approach often leads to problems, which most of the times translate into security vulnerabilities. From the viewpoint of the traditional security paradigm, it should be possible to eliminate such problems through better integration of security and software engineering. This paper firstly argues for the need to develop a methodology that considers security as an integral part of the whole system development process, and secondly it contributes to the current state of the art by proposing an approach that considers security concerns as an integral part of the entire system development process and by relating this approach with existing work. The different stages of the approach are described with the aid of a real-life case study; a health and social care information system.