Designing security requirements models through planning

V. Bryl; F. Massacci; J. Mylopoulos; N. Zannone

doi:10.1007/11767138_4

Designing security requirements models through planning

V. Bryl, F. Massacci, J. Mylopoulos, N. Zannone

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

31 Citations (Scopus)

Abstract

The quest for designing secure and trusted software has led to refined Software Engineering methodologies that rely on tools to support the design process. Automated reasoning mechanisms for requirements and software verification are by now a well-accepted part of the design process, and model driven architectures support the automation of the refinement process. We claim that we can further push the envelope towards the automatic exploration and selection among design alternatives and show that this is concretely possible for Secure Tropos, a requirements engineering methodology that addresses security and trust concerns. In Secure Tropos, a design consists of a network of actors (agents, positions or roles) with delegation/permission dependencies among them. Accordingly, the generation of design alternatives can be accomplished by a planner which is given as input a set of actors and goals and generates alternative multi-agent plans to fulfill all given goals. We validate our claim with a case study using a state-of-the-art planner.

Original language	English
Title of host publication	Advanced Information Systems Engineering (18th International Conference, CAiSE'06, Luxembourg, Luxembourg, June 5-9, 2006, Proceedings)
Editors	Eric Dubois, Klaus Pohl
Place of Publication	Berlin
Publisher	Springer
Chapter	4
Pages	33-47
Number of pages	15
ISBN (Electronic)	978-3-540-34653-1
ISBN (Print)	3-540-34652-X, 978-3-540-34652-4
DOIs	https://doi.org/10.1007/11767138_4
Publication status	Published - 2006

Publication series

Name	Lecture Notes in Computer Science (LNCS)
Volume	4001
ISSN (Print)	0302-9743

Access to Document

10.1007/11767138_4

Cite this

Bryl, V., Massacci, F., Mylopoulos, J., & Zannone, N. (2006). Designing security requirements models through planning. In E. Dubois, & K. Pohl (Eds.), Advanced Information Systems Engineering (18th International Conference, CAiSE'06, Luxembourg, Luxembourg, June 5-9, 2006, Proceedings) (pp. 33-47). (Lecture Notes in Computer Science (LNCS); Vol. 4001). Springer. https://doi.org/10.1007/11767138_4

@inproceedings{a729fbb8f305490aa1183cbf634277d5,

title = "Designing security requirements models through planning",

abstract = "The quest for designing secure and trusted software has led to refined Software Engineering methodologies that rely on tools to support the design process. Automated reasoning mechanisms for requirements and software verification are by now a well-accepted part of the design process, and model driven architectures support the automation of the refinement process. We claim that we can further push the envelope towards the automatic exploration and selection among design alternatives and show that this is concretely possible for Secure Tropos, a requirements engineering methodology that addresses security and trust concerns. In Secure Tropos, a design consists of a network of actors (agents, positions or roles) with delegation/permission dependencies among them. Accordingly, the generation of design alternatives can be accomplished by a planner which is given as input a set of actors and goals and generates alternative multi-agent plans to fulfill all given goals. We validate our claim with a case study using a state-of-the-art planner.",

author = "V. Bryl and F. Massacci and J. Mylopoulos and N. Zannone",

year = "2006",

doi = "10.1007/11767138_4",

language = "English",

isbn = "3-540-34652-X",

series = "Lecture Notes in Computer Science (LNCS)",

publisher = "Springer",

pages = "33--47",

editor = "Eric Dubois and Klaus Pohl",

booktitle = "Advanced Information Systems Engineering (18th International Conference, CAiSE'06, Luxembourg, Luxembourg, June 5-9, 2006, Proceedings)",

address = "Germany",

}

Bryl, V, Massacci, F, Mylopoulos, J & Zannone, N 2006, Designing security requirements models through planning. in E Dubois & K Pohl (eds), Advanced Information Systems Engineering (18th International Conference, CAiSE'06, Luxembourg, Luxembourg, June 5-9, 2006, Proceedings). Lecture Notes in Computer Science (LNCS), vol. 4001, Springer, Berlin, pp. 33-47. https://doi.org/10.1007/11767138_4

Designing security requirements models through planning. / Bryl, V.; Massacci, F.; Mylopoulos, J. et al.
Advanced Information Systems Engineering (18th International Conference, CAiSE'06, Luxembourg, Luxembourg, June 5-9, 2006, Proceedings). ed. / Eric Dubois; Klaus Pohl. Berlin: Springer, 2006. p. 33-47 (Lecture Notes in Computer Science (LNCS); Vol. 4001).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Designing security requirements models through planning

AU - Bryl, V.

AU - Massacci, F.

AU - Mylopoulos, J.

AU - Zannone, N.

PY - 2006

Y1 - 2006

N2 - The quest for designing secure and trusted software has led to refined Software Engineering methodologies that rely on tools to support the design process. Automated reasoning mechanisms for requirements and software verification are by now a well-accepted part of the design process, and model driven architectures support the automation of the refinement process. We claim that we can further push the envelope towards the automatic exploration and selection among design alternatives and show that this is concretely possible for Secure Tropos, a requirements engineering methodology that addresses security and trust concerns. In Secure Tropos, a design consists of a network of actors (agents, positions or roles) with delegation/permission dependencies among them. Accordingly, the generation of design alternatives can be accomplished by a planner which is given as input a set of actors and goals and generates alternative multi-agent plans to fulfill all given goals. We validate our claim with a case study using a state-of-the-art planner.

AB - The quest for designing secure and trusted software has led to refined Software Engineering methodologies that rely on tools to support the design process. Automated reasoning mechanisms for requirements and software verification are by now a well-accepted part of the design process, and model driven architectures support the automation of the refinement process. We claim that we can further push the envelope towards the automatic exploration and selection among design alternatives and show that this is concretely possible for Secure Tropos, a requirements engineering methodology that addresses security and trust concerns. In Secure Tropos, a design consists of a network of actors (agents, positions or roles) with delegation/permission dependencies among them. Accordingly, the generation of design alternatives can be accomplished by a planner which is given as input a set of actors and goals and generates alternative multi-agent plans to fulfill all given goals. We validate our claim with a case study using a state-of-the-art planner.

U2 - 10.1007/11767138_4

DO - 10.1007/11767138_4

M3 - Conference contribution

SN - 3-540-34652-X

SN - 978-3-540-34652-4

T3 - Lecture Notes in Computer Science (LNCS)

SP - 33

EP - 47

BT - Advanced Information Systems Engineering (18th International Conference, CAiSE'06, Luxembourg, Luxembourg, June 5-9, 2006, Proceedings)

A2 - Dubois, Eric

A2 - Pohl, Klaus

PB - Springer

CY - Berlin

ER -

Bryl V, Massacci F, Mylopoulos J, Zannone N. Designing security requirements models through planning. In Dubois E, Pohl K, editors, Advanced Information Systems Engineering (18th International Conference, CAiSE'06, Luxembourg, Luxembourg, June 5-9, 2006, Proceedings). Berlin: Springer. 2006. p. 33-47. (Lecture Notes in Computer Science (LNCS)). doi: 10.1007/11767138_4

Designing security requirements models through planning

Abstract

Publication series

Access to Document

Fingerprint

Cite this