Requirements engineering for trust management: model, methodology, and reasoning

Authors:
Paolo Giorgini;Fabio Massacci;John Mylopoulos;Nicola Zannone
Affiliations:
Department of Information and Communication Technology, University of Trento, Trento, Italy;Department of Information and Communication Technology, University of Trento, Trento, Italy;Department of Information and Communication Technology, University of Trento, Trento, Italy;Department of Information and Communication Technology, University of Trento, Trento, Italy
Venue:
International Journal of Information Security
Year:
2006

Citing 0
Cited 19

Computer-aided Support for Secure Tropos

Automated Software Engineering
A Model for New Zealand's Identity Verification Service

Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
Extending UML sequence diagrams to model trust-dependent behavior with the aim to support risk analysis

Science of Computer Programming
Social Modeling and i*

Conceptual Modeling: Foundations and Applications
Experience on knowledge-based software engineering: A logic-based requirements language and its industrial applications

Journal of Systems and Software
No purpose, no data: goal-oriented access control forambient assisted living

Proceedings of the first ACM workshop on Security and privacy in medical and home-care systems
GoCoMM: a governance and compliance maturity model

Proceedings of the first ACM workshop on Information security governance
Service level agreements: web services and security

ICWE'07 Proceedings of the 7th international conference on Web engineering
Legal Patterns Implement Trust in IT Requirements: When Legal Means are the "Best" Implementation of IT Technical Goals

RELAW '09 Proceedings of the 2009 Second International Workshop on Requirements Engineering and Law
Infringo ergo sum: when will software engineering support infringements?

Proceedings of the FSE/SDP workshop on Future of software engineering research
Experiences from using a UML-based method for trust analysis in an industrial project on electronic procurement

Electronic Commerce Research
Deriving business processes with service level agreements from early requirements

Journal of Systems and Software
Modeling design patterns with description logics: a case study

CAiSE'11 Proceedings of the 23rd international conference on Advanced information systems engineering
A method for security governance, risk, and compliance (GRC): a goal-process approach

Foundations of security analysis and design VI
An iterative process for component-based software development centered on agents

Transactions on computational collective intelligence V
Orchestrating security and system engineering for evolving systems

ServiceWave'11 Proceedings of the 4th European conference on Towards a service-based internet
Sociotechnical trust: an architectural approach

ER'11 Proceedings of the 30th international conference on Conceptual modeling
Investigating Goal-Oriented Requirements Engineering for Business Processes

Journal of Database Management
Trust-based specification of sociotechnical systems

Data & Knowledge Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

A number of recent proposals aim to incorporate security engineering into mainstream software engineering. Yet, capturing trust and security requirements at an organizational level, as opposed to an IT system level, and mapping these into security and trust management policies is still an open problem. This paper proposes a set of concepts founded on the notions of ownership, permission, and trust and intended for requirements modeling. It also extends Tropos, an agent-oriented software engineering methodology, to support security requirements engineering. These concepts are formalized and are shown to support the automatic verification of security and trust requirements using Datalog. To make the discussion more concrete, we illustrate the proposal with a Health Care case study.