Designing security requirements models through planning

V. Bryl, F. Massacci, J. Mylopoulos, N. Zannone

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    27 Citations (Scopus)

    Abstract

    The quest for designing secure and trusted software has led to refined Software Engineering methodologies that rely on tools to support the design process. Automated reasoning mechanisms for requirements and software verification are by now a well-accepted part of the design process, and model driven architectures support the automation of the refinement process. We claim that we can further push the envelope towards the automatic exploration and selection among design alternatives and show that this is concretely possible for Secure Tropos, a requirements engineering methodology that addresses security and trust concerns. In Secure Tropos, a design consists of a network of actors (agents, positions or roles) with delegation/permission dependencies among them. Accordingly, the generation of design alternatives can be accomplished by a planner which is given as input a set of actors and goals and generates alternative multi-agent plans to fulfill all given goals. We validate our claim with a case study using a state-of-the-art planner.
    Original languageEnglish
    Title of host publicationAdvanced Information Systems Engineering (18th International Conference, CAiSE'06, Luxembourg, Luxembourg, June 5-9, 2006, Proceedings)
    EditorsEric Dubois, Klaus Pohl
    Place of PublicationBerlin
    PublisherSpringer
    Chapter4
    Pages33-47
    Number of pages15
    ISBN (Electronic)978-3-540-34653-1
    ISBN (Print)3-540-34652-X, 978-3-540-34652-4
    DOIs
    Publication statusPublished - 2006

    Publication series

    NameLecture Notes in Computer Science (LNCS)
    Volume4001
    ISSN (Print)0302-9743

    Fingerprint Dive into the research topics of 'Designing security requirements models through planning'. Together they form a unique fingerprint.

    Cite this