Results 1 - 10 of 97
Security requirements engineering: A framework for representation and analysis
IEEE Transactions on Software Engineering, 2008
Cited by 76 (15 self)
Abstract: This paper presents a framework for security requirements elicitation and analysis. The framework is based on constructing a context for the system, representing security requirements as constraints, and developing satisfaction arguments for the security requirements. The system context is described using a problem-oriented notation, then is validated against the security requirements through construction of a satisfaction argument. The satisfaction argument consists of two parts: a formal argument that the system can meet its security requirements and a structured informal argument supporting the assumptions expressed in the formal argument. The construction of the satisfaction argument may fail, revealing either that the security requirement cannot be satisfied in the context or that the context does not contain sufficient information to develop the argument. In this case, designers and architects are asked to provide additional design information to resolve the problems. We evaluate the framework by applying it to a security requirements analysis within an air traffic control technology evaluation project.
Analyzing regulatory rules for privacy and security requirements
IEEE Transactions on Software Engineering, 2008
Cited by 71 (13 self)
Abstract: Information practices that use personal, financial, and health-related information are governed by US laws and regulations to prevent unauthorized use and disclosure. To ensure compliance under the law, the security and privacy requirements of relevant software systems must properly be aligned with these regulations. However, these regulations describe stakeholder rules, called rights and obligations, in complex and sometimes ambiguous legal language. These "rules" are often precursors to software requirements that must undergo considerable refinement and analysis before they become implementable. To support the software engineering effort to derive security requirements from regulations, we present a methodology for directly extracting access rights and obligations from regulation texts. The methodology provides statement-level coverage for an entire regulatory document to consistently identify and infer six types of data access constraints, handle complex cross references, resolve ambiguities, and assign required priorities between access rights and obligations to avoid unlawful information disclosures. We present results from applying this methodology to the entire regulation text of the US Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.
Index Terms: Data security and privacy, laws and regulations, compliance, accountability, requirements engineering.
Towards regulatory compliance: Extracting rights and obligations to align requirements with regulations
In: Requirements Engineering, 2006
Social modeling and i*
Conceptual Modeling: Foundations and Applications: Essays in Honor of John Mylopoulos, 2009
Cited by 31 (7 self)
Abstract: Many different types of models are used in various scientific and engineering fields, reflecting the subject matter and the kinds of understanding that are sought in each field. Conceptual modeling techniques in software and information systems engineering have in the past focused mainly on describing and analyzing behaviours and structures that are implementable in software. As software systems become ever more complex and densely intertwined with the human social environment, we need models that reflect the social characteristics of complex systems. This chapter reviews the approach taken by the i* framework, highlights its application in several areas, and outlines some open research issues.
A Goal Oriented Approach for Modeling and Analyzing Security Trade-Offs (to appear)
In: Proceedings of the 26th International Conference on Conceptual Modeling (ER 2007), 2007
Cited by 30 (9 self)
Abstract: In designing software systems, security is typically only one design objective among many. It may compete with other objectives such as functionality, usability, and performance. Too often, security mechanisms such as firewalls, access control, or encryption are adopted without explicit recognition of competing design objectives and their origins in stakeholder interests. Recently, there is increasing acknowledgement that security is ultimately about trade-offs. One can only aim for "good enough" security, given the competing demands from many parties. Furthermore, one of the main challenges that software designers face is the lack of a common, accessible body of security trade-off knowledge. This work proposes a goal-oriented conceptual modeling technique for explicit and systematic modeling and analysis of security trade-offs, taking advantage of the i* framework as the basis of the modeling notation. The technique is accompanied by a proposal for a software security trade-off knowledge base which catalogues common vulnerabilities and attacks, alternative security solutions for each one, and the impact of mechanisms on other goals and threats. The proposal is illustrated by several examples and case studies.
Security and trust requirements engineering
In: Proc. of FOSAD, 2005
Cited by 26 (10 self)
Abstract: Integrating security concerns throughout the whole software development process is one of today's challenges in software and requirements engineering research, a challenge that so far has proved difficult to meet. The major difficulty is that providing security does not only require solving technical problems but also reasoning about the organization as a whole. This makes the use of traditional software engineering methodologies difficult or unsatisfactory: most proposals focus on the protection aspects of security and explicitly deal with low-level protection mechanisms, and only a handful of them show the ability to capture high-level organizational security requirements without getting suddenly bogged down in security protocols or cryptographic algorithms. In this paper we critically review the state of the art in security requirements engineering and discuss the motivations that led us to propose the Secure Tropos methodology, a formal framework for modelling and analyzing security that enhances the agent-oriented software development methodology i*/Tropos. We illustrate the Secure Tropos approach with a comprehensive case study, and discuss some later refinements of the Secure Tropos methodology to address some of its shortcomings. Finally, we introduce the ST-Tool, a CASE tool that supports our methodology.
Building decision support problem domain ontology from natural language requirements for software assurance
International Journal on Software Engineering & Knowledge Engineering, 2006
Cited by 18 (11 self)
Abstract: The process of engineering software-intensive systems that comply with their Certification and Accreditation (C&A) requirements involves many critical decision-making activities for the related stakeholders. Considering the exhaustive nature of C&A activities together with the complexity of software-intensive systems, effective decision making relies heavily on the ways to understand and structure the problem domain concepts concerning decision points for interpretation, applicability, scope, evaluation, and impact of the enforced C&A requirements. These decision points are further complicated by natural language specifications of inherently non-functional C&A requirements scattered across multiple regulatory documents with complex interdependencies at different levels of abstraction in the organizational hierarchy, which often result in subjective interpretations and non-standard implementations of the C&A process. To address these issues, we define a systematic methodology using novel techniques from software Requirements Engineering (RE) and knowledge engineering for understanding and structuring the problem domain concepts based on a uniform representation format that promotes common understanding among stakeholders. Specifically, we use advanced ontological
Hierarchical Hippocratic Databases with Minimal Disclosure for Virtual Organizations
VLDBJ
Cited by 17 (6 self)
Abstract: The protection of customer privacy is a fundamental issue in today's corporate marketing strategies. Not surprisingly, many research efforts have proposed new privacy-aware technologies. Among them, Hippocratic databases offer mechanisms for enforcing privacy rules in database systems for inter-organizational business processes (also known as virtual organizations). This paper extends these mechanisms to allow for hierarchical purposes, distributed authorizations and minimal disclosure supporting the business processes of virtual organizations that want to offer their clients a number of ways to fulfill a service. Specifically, we use a goal-oriented approach to analyze privacy policies of the enterprises involved in a business process. Based on the purpose hierarchy derived through a goal refinement process, we provide algorithms for determining the minimum set of authorizations needed to achieve a service. This allows us to automatically derive access control policies for an inter-organizational business process from the collection of privacy policies associated with different participating enterprises. By using effective on-line algorithms, the derivation of such minimal information can also be done on-the-fly by the customer wishing to access a service.
Security Requirements Engineering via Commitments
Cited by 16 (14 self)
Abstract: ... with the elicitation of security needs and the specification of security requirements of the system-to-be. Current approaches to SRE either express stakeholders' needs via high-level organisational abstractions that are hard to map to system design, or specify only technical security requirements. In this paper, we introduce SecCo, an SRE framework that starts with goal-oriented modelling of the security needs and derives security requirements from such needs. Importantly, SecCo relates security requirements to the interaction among actors. Security requirements are specified as social commitments—promises with contractual validity from one actor to another—that define constraints on the way actors can interact. These commitments shall be implemented by the system-to-be.
Index Terms: Security requirements; Goal models; Commitments
Designing security requirements models through planning
In: Proceedings of CAiSE'06, 2006
Cited by 15 (10 self)
Abstract: The quest for designing secure and trusted software has led to refined Software Engineering methodologies that rely on tools to support the design process. Automated reasoning mechanisms for requirements and software verification are by now a well-accepted part of the design process, and model driven architectures support the automation of the refinement process. We claim that we can further push the envelope towards the automatic exploration and selection among design alternatives and show that this is concretely possible for Secure Tropos, a requirements engineering methodology that addresses security and trust concerns. In Secure Tropos, a design consists of a network of actors (agents, positions or roles) with delegation/permission dependencies among them. Accordingly, the generation of design alternatives can be accomplished by a planner which is given as input a set of actors and goals and generates alternative multiagent plans to fulfill all given goals. We validate our claim with a case study using a state-of-the-art planner.