A requirements engineering methodology for trust, security, and privacy

Research output: Thesis › PhD Thesis 4 (Research NOT TU/e / Graduation NOT TU/e)

Abstract

Security Requirements Engineering is emerging as a branch of Software Engineering, spurred by the realization that security must be dealt with early on, during the requirements phase. This entails capturing security, privacy, and trust requirements at an organizational level, as opposed to an IT system level. Specifically, the development of secure and privacy-aware systems requires explicitly modeling the goals and trust relations of the stakeholders of the system, which will be partially implemented by the IT system and partially by organizational procedures. To this end, we propose Secure Tropos, an agent-oriented requirements engineering methodology tailored to model and analyze the security, privacy, and trust requirements of systems and of the organizational setting where they operate. The Secure Tropos methodology adopts the SI* modeling language for the acquisition, modeling, and analysis of requirements. This language proposes a set of concepts founded on the notions of permission, delegation, and trust. These concepts are formalized and are shown to support the requirements analysis process through a formal reasoning tool based on the Answer Set Programming paradigm. This allows designers to automatically verify the correctness of security, privacy, and trust requirements and their consistency with functional requirements.
Original language: English
Qualification: Doctor of Philosophy
Awarding Institution: University of Trento
Award date: 1 Jan 2007
Place of Publication: Trento
Publisher
Publication status: Published - 2007
