Reasoning about willingness in networks of agents
Proceedings of the 2006 international workshop on Software engineering for large-scale multi-agent systems
Hierarchical hippocratic databases with minimal disclosure for virtual organizations
The VLDB Journal — The International Journal on Very Large Data Bases
Modeling Delegation through an i*-based Approach
IAT '06 Proceedings of the IEEE/WIC/ACM international conference on Intelligent Agent Technology
A risk-driven security analysis method and modelling language
BT Technology Journal
Research Directions in Requirements Engineering
FOSE '07 2007 Future of Software Engineering
Engineering Trust Management into Software Models
MISE '07 Proceedings of the International Workshop on Modeling in Software Engineering
Reasoning About Willingness in Networks of Agents
Software Engineering for Multi-Agent Systems V
CAiSE '08 Proceedings of the 20th international conference on Advanced Information Systems Engineering
Enforcing a security pattern in stakeholder goal models
Proceedings of the 4th ACM workshop on Quality of protection
Proceedings of the 4th ACM workshop on Quality of protection
Designing Privacy-Aware Personal Health Record Systems
ER '08 Proceedings of the ER 2008 Workshops (CMLSA, ECDM, FP-UML, M2AS, RIGiM, SeCoGIS, WISM) on Advances in Conceptual Modeling: Challenges and Opportunities
Validating Access Control Configurations in J2EE Applications
CBSE '08 Proceedings of the 11th International Symposium on Component-Based Software Engineering
Experimental comparison of attack trees and misuse cases for security threat identification
Information and Software Technology
Optimal Privacy-Aware Path in Hippocratic Databases
DASFAA '09 Proceedings of the 14th International Conference on Database Systems for Advanced Applications
Toward practical analysis for trust management policy
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Modeling and analysis of security trade-offs - A goal oriented approach
Data & Knowledge Engineering
A UML 2.0 profile to define security requirements for Data Warehouses
Computer Standards & Interfaces
Conceptual Modeling: Foundations and Applications
Validating complex interactions in air traffic management
HSI'09 Proceedings of the 2nd conference on Human System Interactions
Monitoring and Diagnosing Malicious Attacks with Autonomic Software
ER '09 Proceedings of the 28th International Conference on Conceptual Modeling
ER '09 Proceedings of the 28th International Conference on Conceptual Modeling
Designing Law-Compliant Software Requirements
ER '09 Proceedings of the 28th International Conference on Conceptual Modeling
A goal oriented approach for modeling and analyzing security trade-offs
ER'07 Proceedings of the 26th international conference on Conceptual modeling
Comparing three formal analysis approaches of the tropos family
AOIS'06 Proceedings of the 8th international Bi conference on Agent-oriented information systems IV
Tool-supported development with Tropos: the conference management system case study
AOSE'07 Proceedings of the 8th international conference on Agent-oriented software engineering VIII
Security validation of business processes via model-checking
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Towards transformation guidelines from secure tropos to misuse cases (position paper)
Proceedings of the 7th International Workshop on Software Engineering for Secure Systems
A framework to support alignment of secure software engineering with legal regulations
Software and Systems Modeling (SoSyM)
An iterative process for component-based software development centered on agents
Transactions on computational collective intelligence V
Managing multi-jurisdictional requirements in the cloud: towards a computational legal landscape
Proceedings of the 3rd ACM workshop on Cloud computing security workshop
Towards HIPAA-compliant healthcare systems
Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
Trust: from cognition to conceptual models and design
CAiSE'06 Proceedings of the 18th international conference on Advanced Information Systems Engineering
Designing security requirements models through planning
CAiSE'06 Proceedings of the 18th international conference on Advanced Information Systems Engineering
Security and trust requirements engineering
Foundations of Security Analysis and Design III
How to select a security requirements method? a comparative study with students and practitioners
NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems
STS-tool: using commitments to specify socio-technical security requirements
ER'12 Proceedings of the 2012 international conference on Advances in Conceptual Modeling
A Unified Use-Misuse Case Model for Capturing and Analysing Safety and Security Requirements
International Journal of Information Security and Privacy
Regulatory requirements traceability and analysis using semi-formal specifications
REFSQ'13 Proceedings of the 19th international conference on Requirements Engineering: Foundation for Software Quality
A privacy framework for the personal web
The Personal Web
Comparing attack trees and misuse cases in an industrial setting
Information and Software Technology
Software and Systems Modeling (SoSyM)
Formal verification of security properties in trust management policy
Journal of Computer Security
| Hi-index | 0.00 |
Security Requirements Engineering is emerging as a branch of Software Engineering, spurred by the realization that security must be dealt with early on during the requirements phase. Methodologies in this ?eld are challenging, as they must take into account subtle notions such as trust (or lack thereof), delegation, and permission; they must also model entire organizations and not only systems-to-be. In our previous work we introduced Secure Tropos, a formal framework for modeling and analyzing security requirements. Secure Tropos is founded on three main notions: ownership, trust, and delegation. In this paper we re?ne Secure Tropos introducing the notions of at-least delegation and trust of execution; also, at-most delegation and trust of permission. We also propose monitoring as a security design pattern intended to overcome the problem of lack of trust between actors. The paper presents a semantics for these notions, and describes an implemented formal reasoning tool based on Datalog.