A requirements engineering methodology for trust, security, and privacy

Research output: Thesis › Phd Thesis 4 (Research NOT TU/e / Graduation NOT TU/e)

Abstract

Security Requirements Engineering is emerging as a branch of Software Engineering, spurred by the realization that security must be dealt with early on during the requirements phase. This entails capturing security, privacy, and trust requirements at an organizational level, as opposed to an IT system level. Specifically, the development of secure and privacy-aware systems requires explicitly modeling the goals and trust relations of stakeholders of the system, which will be partially implemented by the IT system and partially by organizational procedures. To this end, we propose Secure Tropos, an agent-oriented requirements engineering methodology tailored to model and analyze security, privacy, and trust requirements of systems and the organizational setting where they operate. The Secure Tropos methodology adopts the SI* modeling language for the acquisition, modeling, and analysis of requirements. This language proposes a set of concepts founded on the notions of permission, delegation, and trust. These concepts are formalized and are shown to support the requirements analysis process through a formal reasoning tool based on the Answer Set Programming paradigm. This allows designers to automatically verify the correctness of security, privacy, and trust requirements and their consistency with functional requirements.

Original language: English
Qualification: Doctor of Philosophy
Awarding Institution: University of Trento
Award date: 1 Jan 2007
Place of Publication: Trento
Publisher: University of Trento
Publication status: Published - 2007

Fingerprint

Requirements engineering
Software engineering
Modeling languages

Cite this

Zannone, N 2007, 'A requirements engineering methodology for trust, security, and privacy', Doctor of Philosophy, University of Trento, Trento.
