Integrating security concerns throughout the whole software development process is one of today's challenges in software and requirements engineering research, and one that has so far proved difficult to meet. The major difficulty is that providing security requires not only solving technical problems but also reasoning about the organization as a whole. This makes the use of traditional software engineering methodologies difficult or unsatisfactory: most proposals focus on the protection aspects of security and deal explicitly with low-level protection mechanisms, and only a handful of them are able to capture high-level organizational security requirements without getting bogged down in security protocols or cryptographic algorithms. In this paper we critically review the state of the art in security requirements engineering and discuss the motivations that led us to propose the Secure Tropos methodology, a formal framework for modelling and analyzing security that enhances the agent-oriented software development methodology i*/Tropos. We illustrate the Secure Tropos approach and a comprehensive case study, and discuss some later refinements of the Secure Tropos methodology that address some of its shortcomings. Finally, we introduce the ST-Tool, a CASE tool that supports our methodology.