Results 1 - 10 of 33
Security and Privacy Requirements Analysis within a Social Setting
In Proc. of RE'03, 2003
Cited by 139 (19 self)
Security issues for software systems ultimately concern relationships among social actors (stakeholders, system users, potential attackers) and the software acting on their behalf. This paper proposes a methodological framework for dealing with security and privacy requirements based on i*, an agent-oriented requirements modeling language. The framework supports a set of analysis techniques. In particular, attacker analysis helps identify potential system abusers and their malicious intents. Dependency vulnerability analysis helps detect vulnerabilities in terms of organizational relationships among stakeholders. Countermeasure analysis supports the dynamic decision-making process of defensive system players in addressing vulnerabilities and threats. Finally, access control analysis bridges the gap between security requirement models and security implementation models. The framework is illustrated with an example involving security and privacy concerns in the design of agent-based health information systems. In addition, we discuss model evaluation techniques, including qualitative goal model analysis and property verification techniques based on model checking.
Designing for Privacy and Other Competing Requirements
In Proceedings of the 2nd Symposium on Requirements Engineering for Information Security (SREIS-02), 2002
Cited by 36 (1 self)
Privacy may be interpreted in different ways in different contexts, and may be achieved by means of different mechanisms. It is also frequently intertwined with security concerns. However, other requirements such as functionality, usability and reliability must also be addressed, since they often compete with each other. While the understanding of technical mechanisms for addressing privacy has been growing, systematic approaches are needed to guide software engineers to elicit, model and reason about privacy requirements and to address them during design. In a networked world, multi-agent systems have been emerging as a new approach. Each agent may have its own goals and beliefs, and social relationships with other agents. Each agent may have its own perspective concerning privacy. Perspectives from different agents may conflict with each other. Moreover, they may conflict with other requirements such as availability and performance. In this paper we present a framework to model the way agents interact with each other to achieve their goals. The framework uses a catalogue to guide the software engineer through alternatives for achieving privacy. Each alternative will be modeled showing how it contributes to privacy as well as to other requirements within this agent or in other agents. The approach is based on the i* framework. Privacy is modeled as a special type of goal. We show how one can model privacy concerns for each agent and the different alternatives for operationalizing it. An example in the health care domain is used to illustrate.
Privacy Preserving EHR System Using Attribute-Based Infrastructure
In CCSW
Cited by 32 (0 self)
Secure management of Electronic Health Records (EHR) in a distributed computing environment such as cloud computing, where computing resources including storage are provided by a third-party service provider, is a challenging task. In this paper, we explore techniques which guarantee security and privacy of medical data stored in the cloud. We show how new primitives in attribute-based cryptography can be used to construct a secure and privacy-preserving EHR system that enables patients to share their data among healthcare providers in a flexible, dynamic and scalable manner.
A Goal-Oriented Approach for Modeling and Analyzing Security Trade-Offs
In Proceedings of the 26th International Conference on Conceptual Modeling (ER 2007), 2007
Cited by 30 (9 self)
In designing software systems, security is typically only one design objective among many. It may compete with other objectives such as functionality, usability, and performance. Too often, security mechanisms such as firewalls, access control, or encryption are adopted without explicit recognition of competing design objectives and their origins in stakeholder interests. Recently there has been increasing acknowledgement that security is ultimately about trade-offs. One can only aim for "good enough" security, given the competing demands from many parties. Furthermore, one of the main challenges that software designers face is the lack of a common, accessible body of security trade-off knowledge. This work proposes a goal-oriented conceptual modeling technique for explicitly and systematically modeling and analyzing security trade-offs, taking advantage of the i* framework as the basis of the modeling notation. The technique is accompanied by a proposal for a software security trade-off knowledge base which catalogues common vulnerabilities and attacks, alternative security solutions for each one, and the impact of mechanisms on other goals and threats. The proposal is illustrated by several examples and case studies.
Requirements Engineering for Large-Scale Multi-Agent Systems
In Proceedings of the 1st International Central and Eastern European Conference on Multi-Agent Systems (CEEMAS), 2003
Cited by 15 (7 self)
Large-scale software systems typically involve a large number of actors playing different roles, interacting with each other to achieve personal and common goals. As agent-based software technologies advance, systematic methods are needed to support the development of large-scale multi-agent systems. As with other kinds of software systems, successful system development relies on in-depth understanding of stakeholder needs and wants, and their effective translation into system requirements, and eventually into executable software. This paper presents a requirements engineering methodology based on agent concepts at the requirements modeling level. The strategic actor is used as the central organizing construct during requirements elicitation and analysis. In considering alternative arrangements of work processes and system interactions, strategic actors seek to exploit opportunities and avoid vulnerabilities. The methodology starts by building a lexicon as a preliminary step. The relevant actors are then identified. A breadth coverage step produces a first-cut model of the domain and the social relationships within it. The models are then developed depth-wise to capture organizational and individual goals and to explore alternatives. The methodology complements and extends the i* modelling framework. By taking into account agent characteristics such as autonomy, intentionality, and sociality starting from the requirements level, the methodology leads naturally into the development of large-scale systems that employ multi-agent software technologies. An example from the healthcare domain is used to illustrate the methodology.
Active Trust Management for Autonomous Adaptive Survivable Systems
2000
Cited by 8 (2 self)
Contents
1 Innovative Claims
2 Technical Rationale
2.1 A Scenario
2.2 Trust in Survivable Systems: An Overview
2.2.1 Trust and rational decision making should supplant traditional notions of protection as the core concepts of Survivability
2.2.2 How Active Trust Management can support Autonomous Adaptive Survivable Systems
2.2.3 Trust and Compromise Models provide explicit models of the Trustworthiness of computational resources and of the forms of their Compromise
2.2.4 Perpetual Analytic Monitoring keeps the Trust Model current by detecting events and Trend Patterns which are indicative of compromise
2.2.5 The Autonomous Adaptive Survivable System infrastructure uses Trust Models and models of
Agent-Oriented Methodologies -- Towards A Challenge Exemplar
In 4th Intl. Workshop on Agent-Oriented Information Systems (AOIS'02), 2002
Cited by 8 (1 self)
The agent-oriented approach to software development is transitioning from the prototyping done by researchers to the development of large-scale industrial-strength applications by software professionals. For this to succeed, methodologies are needed to systematically guide and support developers through the various stages of system development. A number of agent-oriented methodologies have been proposed recently, offering a variety of conceptual frameworks, notations, techniques, and methodological steps. The diversity of approaches offers rich resources for developers to draw on, but can also be a hindrance to progress if their commonalities and divergences are not readily understood. One way to establish a common context for probing and relating various methodologies is to define and adopt a standardized example setting (or "exemplar") to focus discussion and debate. This paper proposes an exemplar from the health care domain. It is structured into a set of scenarios, supplemented by a series of questions to be posed to each methodology. We consider how an exemplar might serve the needs of the agent-oriented methodology community, and discuss the criteria for selecting an exemplar.
Designing for Privacy in a Multi-Agent World
In Trust, Reputation and Security: Theories and Practice, 2003
Cited by 7 (0 self)
In a multi-agent world, privacy may have different meaning and significance for different agents. From a system design viewpoint, a practical approach to privacy should allow for a variety of perceptions and perspectives on privacy. Furthermore, privacy must be considered together with all the other requirements: functionality, usability, performance, costs, security, and so on. While there is a growing body of knowledge about privacy issues and how to address them through technical and non-technical means, systematic frameworks are needed to assist system analysts and designers in identifying, analyzing, and addressing these issues. In a networked, multi-agent environment, privacy concerns arise in the context of complex relationships among many human and automated agents. Each agent could have different viewpoints on what notions of privacy apply, and what mechanisms are appropriate for providing adequate privacy, in light of other competing or synergistic requirements. In this paper, we show how the i* framework can be used to model and reason about privacy requirements and solutions. Agents have privacy goals which are refined, then operationalized into implementable mechanisms, often through dependencies on other agents. To support early-stage design decisions, the impact of alternative solutions is assessed by propagating qualitative evaluations through a dependency network. An example in the health care domain is used to illustrate.
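The qualitative goal-model analysis and dependency vulnerability analysis named in the first abstract on this page, and the propagation of qualitative evaluations through a dependency network described in the abstract above, can be made concrete with a small evaluator. The following is an added example, not code from any of the listed papers. The link semantics (MAKE/HELP/HURT/BREAK) and the five-valued label lattice follow the usual NFR-framework convention; the EHR scenario, the actors CloudEHR, Patient and Physician, and every element name are assumptions made for illustration.

```python
"""Qualitative evaluation of an i*-style goal and dependency model.

Constructed illustration, not code from any paper listed on this page. The
link semantics and label lattice follow the usual NFR-framework convention;
the EHR scenario and all actor/element names are assumed.
"""
from dataclasses import dataclass
from enum import Enum, IntEnum


class Label(IntEnum):
    DENIED = -2
    PARTIALLY_DENIED = -1
    CONFLICT = 0            # positive and negative evidence arrived at once
    PARTIALLY_SATISFIED = 1
    SATISFIED = 2


class Link(Enum):
    MAKE = "make"           # full positive: source label passes through unchanged
    HELP = "help"           # partial positive: only the sign survives, strength 1
    HURT = "hurt"           # partial negative: sign flipped, strength 1
    BREAK = "break"         # full negative: source label negated
    DEPENDS = "depends"     # depender's element inherits the dependee's label


@dataclass(frozen=True)
class Edge:
    src: str                # "Actor:Element"
    dst: str
    link: Link


def propagate(link: Link, value: int) -> int:
    """Evidence one link carries from its source label to its target."""
    if value == 0:                       # a conflict stays a conflict
        return 0
    if link in (Link.MAKE, Link.DEPENDS):
        return value
    sign = 1 if value > 0 else -1
    if link is Link.HELP:
        return sign
    if link is Link.HURT:
        return -sign
    return -value                        # BREAK


def combine(values):
    """Merge the evidence reaching one element. Mixed signs are a conflict the
    analyst must resolve by hand; otherwise the strongest evidence wins."""
    if not values:
        return None                      # no evidence reaches this element
    if any(v > 0 for v in values) and any(v < 0 for v in values):
        return Label.CONFLICT
    return Label(max(values, key=abs))


def evaluate(edges, initial):
    """Label every element of an acyclic model, starting from the leaves the
    analyst has decided on (`initial`). Unlabelled leaves carry no evidence."""
    incoming = {}
    for e in edges:
        incoming.setdefault(e.dst, []).append(e)
    memo = {}

    def label(node):
        if node in initial:
            return initial[node]
        if node not in memo:
            values = []
            for e in incoming.get(node, []):
                src = label(e.src)
                if src is not None:
                    values.append(propagate(e.link, int(src)))
            memo[node] = combine(values)
        return memo[node]

    nodes = {e.src for e in edges} | {e.dst for e in edges}
    return {n: label(n) for n in sorted(nodes)}


def dependency_vulnerabilities(edges, untrusted_actors):
    """Dependency links whose dependee belongs to an actor the analyst does not
    trust: each is a point where that actor alone can deny the depender's
    element. Returned as (depender element, dependee element) pairs."""
    return sorted((e.dst, e.src) for e in edges
                  if e.link is Link.DEPENDS
                  and e.src.split(":", 1)[0] in untrusted_actors)


# Assumed toy model: a third-party EHR store chooses between two alternatives.
EHR_MODEL = [
    Edge("CloudEHR:Encrypt under patient key", "CloudEHR:Records stored", Link.MAKE),
    Edge("CloudEHR:Plaintext with ACL", "CloudEHR:Records stored", Link.MAKE),
    Edge("CloudEHR:Encrypt under patient key", "CloudEHR:Records protected from operator misuse", Link.MAKE),
    Edge("CloudEHR:Plaintext with ACL", "CloudEHR:Records protected from operator misuse", Link.BREAK),
    Edge("CloudEHR:Audit all accesses", "CloudEHR:Records protected from operator misuse", Link.HELP),
    Edge("CloudEHR:Encrypt under patient key", "CloudEHR:Fast emergency lookup", Link.HURT),
    Edge("CloudEHR:Plaintext with ACL", "CloudEHR:Fast emergency lookup", Link.HELP),
    Edge("CloudEHR:Records protected from operator misuse", "Patient:Privacy of records", Link.DEPENDS),
    Edge("CloudEHR:Fast emergency lookup", "Physician:Timely care", Link.DEPENDS),
]


def evaluate_alternative(chosen: str):
    """Labels for the whole model when CloudEHR adopts `chosen` (auditing is on)."""
    initial = {f"CloudEHR:{chosen}": Label.SATISFIED,
               "CloudEHR:Audit all accesses": Label.SATISFIED}
    return evaluate(EHR_MODEL, initial)


if __name__ == "__main__":
    for alt in ("Encrypt under patient key", "Plaintext with ACL"):
        labels = evaluate_alternative(alt)
        print(alt, {k: v.name for k, v in labels.items() if k[:5] != "Cloud"})
    print("exposed dependencies:", dependency_vulnerabilities(EHR_MODEL, {"CloudEHR"}))
```

The plaintext alternative is the instructive case: the BREAK from plaintext storage and the HELP from auditing meet at the provider's softgoal with opposite signs, so the evaluator reports CONFLICT rather than silently averaging, and that conflict flows over the dependency link into the patient's privacy goal. The dependency listing is the organizational view: regardless of which alternative is chosen, both the patient's privacy and the physician's timely care rest on an actor the analyst has marked untrusted, which is exactly the relationship a countermeasure (such as patient-held keys) has to neutralize.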
Designing peer-to-peer applications: an agent-oriented approach
In Proceedings of the Second International Joint Conference on Autonomous Agents and Multiagent Systems, 2002
Cited by 7 (3 self)
This paper focuses on design issues to be faced when developing knowledge management (KM) applications based on the integration of peer-to-peer and multi-agent technologies. The reasons for using these technologies rest on the requirements posed by the specific KM paradigm that has been adopted, which emphasizes aspects such as autonomy and distribution of knowledge sources. We adopt an agent-oriented approach that extends Tropos, a software engineering methodology introduced in earlier papers. We present a characterization of peer-to-peer in terms of a general architectural pattern, a set of design guidelines for peer-to-peer applications, and a framework that integrates multi-agent and peer-to-peer concepts and technologies.
Reusable Knowledge for Satisficing Usability Requirements
In Proc. 13th Int'l Conf. Requirements Eng., 2005
Cited by 6 (1 self)
Usability is becoming increasingly recognized as being an important factor in the acceptance of systems by end users. Usability requirements can be considered to be requirements that capture the usability goals and associated measures for a system under development. In order to ensure usable systems we must ensure identification of appropriate requirements regarding these critical aspects of systems. However, a number of difficulties exist; for example, it may be difficult to quantify and precisely specify these qualities in software systems. There is a basic need for systematic approaches to reason about, model and analyze usability from the early stages of software development. Furthermore, it is necessary to develop a usable ontology or classification of measurable aspects of usability that can be used to aid in the specification of usability requirements. These ontologies should be represented in a way that facilitates their use as guidelines for the requirements elicitation process. This work builds on a review of literature in the area of human-computer interaction and the emerging field of usability engineering in developing a catalogue of aspects of usability that can be considered during requirements gathering. This catalogue is used to guide the requirements engineer through alternatives for achieving usability. The approach is based on the use of the i* framework, having usability modeled as a special type of goal. We show how usability can be modelled through different viewpoints with different alternatives for operationalizing it. An example in the health care domain is used to illustrate.