Results 1 - 8 of 8
Analyzing security requirements as relationships among strategic actors
2002
Cited by 41 (7 self)
Security issues for software systems ultimately concern relationships among social actors – stakeholders, users, potential attackers, etc. – and software acting on their behalf. In assessing vulnerabilities and mitigation measures, actors make strategic decisions to achieve desired levels of security while trading off competing requirements such as costs, performance, usability and so on. This paper explores the explicit modeling of relationships among strategic actors in order to elicit, identify and analyze security requirements. In particular, actor dependency analysis helps in the identification of attackers and their potential threats, while actor goal analysis helps to elicit the dynamic decision making process of system players for security issues. Patterns of relationships at various levels of abstraction (e.g. intentional dependencies among abstract roles) can be studied separately. These patterns can be selectively applied and combined for analyzing specific system configurations. The approach is particularly suitable for new Internet applications where layers of software entities and human roles interact to create complex security challenges. Examples from Peer-to-Peer computing are used to illustrate the proposed framework.
Templates for Misuse Case Description
- Proceedings of the 7th International Workshop on Requirements Engineering, Foundation for Software Quality (REFSQ'2001), 2001
Cited by 31 (1 self)
Use cases have proven helpful for eliciting, communicating and documenting requirements. But whereas functional requirements are well supported, use cases provide less support for working with extra-functional requirements, such as security requirements. With the advent of e-commerce applications, security and other extra-functional requirements are growing in importance. In an earlier paper, the authors have introduced the concept of misuse cases -- inverted use cases to denote functions that should not be possible to perform in a system. In this paper, security related misuse cases are elaborated in further detail through a discussion of templates for their textual description.
A Reuse-Based Approach to Determining Security Requirements
- In Proc. 9th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ'03), 2003
Cited by 15 (0 self)
The paper proposes a reuse-based approach to determining security requirements. Development for reuse involves identifying security threats and associated security generic threats --- expressed as misuse cases --- and requirements --- expressed as security use cases. Development with reuse involves identifying security assets, setting security goals for requirements, based on reuse of generic threats and requirements from the repository.
A Survey of Policy Specification Approaches
2002
Cited by 13 (0 self)
Policies are rules governing the choices in behaviour of a system. They are often used as a means of implementing flexible and adaptive systems for management of internet services, distributed systems, and security systems. There is also a need for a common specification of security policy for large-scale, multiorganisational systems where access control is implemented in a variety of heterogeneous components. In this paper we survey both security and management policy specification approaches. We also cover the issues relating to detecting and resolving conflicts which can arise in the policies and some ideas on how to refine high level goals and service level agreements into implementable policies. The paper briefly outlines some of the research issues that have to be solved for large-scale adoption of policy-based systems.
Traceability Approach for I* and UML Models
- In Proceedings of 2nd International Workshop on Software Engineering for Large-Scale Multi-Agent Systems (SELMAS’03), 2003
Cited by 11 (2 self)
In this paper we propose an approach that can be used to generate traceability relations between organisational models specified in i* and software systems models represented in UML (in particular use case and class diagrams). Our approach proposes different types of traceability relationships between i* and UML models and uses traceability rules to generate the different types of traceability relations between them. The traceability rules and traceable models are represented in XML. This makes possible the use of our approach in settings where the models are created and managed autonomously. The approach is supported by a prototype tool that interprets the rules and generates traceability relations.
A Multidisciplinary Electronic Commerce Project Studio for Secure Systems
2000
Cited by 2 (2 self)
While the Internet serves as a virtual marketplace that is dramatically changing the way business is conducted, security and privacy issues are of deeper concern than ever before. The evolutionary nature of electronic commerce systems highlights the need for conceptual support for requirements discovery, elaboration and validation. Moreover, there is great need for mechanisms to provide practitioners with more formal approaches for determining and assessing the security and privacy needs of electronic commerce systems. This paper focuses on the authors' efforts to integrate core research and educational objectives. Our research addresses a number of important issues in the design and evolution of electronic commerce systems. The ultimate goal of our work is to demonstrate viable solutions for supporting the early stages of the software lifecycle, specifically addressing the need for novel approaches to ensure security and privacy requirements coverage. We seek to provide increased vi...
A Distributed Requirements Management Framework for Legal Compliance and Accountability
Increasingly, new regulations are governing organizations and their information systems. Individuals responsible for ensuring legal compliance and accountability currently lack sufficient guidance and support to manage their legal obligations within relevant information systems. While software controls provide assurances that business processes adhere to specific requirements, such as those derived from government regulations, there is little support to manage these requirements and their relationships to various policies and regulations. We propose a requirements management framework that enables executives, business managers, software developers and auditors to distribute legal obligations across business units and/or personnel with different roles and technical capabilities. This framework improves accountability by integrating traceability throughout the policy and requirements lifecycle. We illustrate the framework within the context of a concrete healthcare scenario in which obligations incurred from the Health Insurance Portability and Accountability Act (HIPAA) are delegated and refined into software requirements. Additionally, we show how auditing mechanisms can be integrated into the framework and how auditors can certify that specific chains of delegation and refinement decisions comply with government regulations.
Case Study Phase III CMU/SEI-2006-SR-003
2006
Unlimited distribution subject to the copyright. This report was prepared for the

