Filling the gap between requirements engineering and public key/trust management infrastructures

P. Giorgini; F. Massacci; J. Mylopoulos; N. Zannone

doi:10.1007/978-3-540-25980-0_8

Filling the gap between requirements engineering and public key/trust management infrastructures

P. Giorgini, F. Massacci, J. Mylopoulos, N. Zannone

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

14 Citations (Scopus)

6 Downloads (Pure)

Abstract

The last years have seen a major interest in designing and deploying trust management and public key infrastructures. Yet, it is still far from clear how one can pass from the organization and system requirements to the actual credentials and attribution of permissions in the PKI infrastructure. Our goal in this paper is filling this gap. We propose a formal framework for modeling and analyzing security and trust requirements, that extends the Tropos methodology for early requirements modeling. The key intuition that underlies our work is the identification of distinct roles for actors that manipulate resources, accomplish goals or execute tasks, and actors that own or permit usage of resources or goals. The paper also presents a simple case study and a PKI/trust management implementation.

Original language	English
Title of host publication	Public Key Infrastructure (First European PKIWorkshop: Research and Applications, EuroPKI 2004, Samos Island, Greece, June 25-26, 2004, Proceedings)
Editors	S.K. Katsikas, S. Gritzalis, J. Lopez
Place of Publication	Berlin
Publisher	Springer
Pages	98-111
ISBN (Print)	3-540-22216-2
DOIs	https://doi.org/10.1007/978-3-540-25980-0_8
Publication status	Published - 2004

Publication series

Name	Lecture Notes in Computer Science
Volume	3093
ISSN (Print)	0302-9743

Access to Document

10.1007/978-3-540-25980-0_8

Cite this

Giorgini, P., Massacci, F., Mylopoulos, J., & Zannone, N. (2004). Filling the gap between requirements engineering and public key/trust management infrastructures. In S. K. Katsikas, S. Gritzalis, & J. Lopez (Eds.), Public Key Infrastructure (First European PKIWorkshop: Research and Applications, EuroPKI 2004, Samos Island, Greece, June 25-26, 2004, Proceedings) (pp. 98-111). (Lecture Notes in Computer Science; Vol. 3093). Springer. https://doi.org/10.1007/978-3-540-25980-0_8

Giorgini, P. ; Massacci, F. ; Mylopoulos, J. et al. / Filling the gap between requirements engineering and public key/trust management infrastructures. Public Key Infrastructure (First European PKIWorkshop: Research and Applications, EuroPKI 2004, Samos Island, Greece, June 25-26, 2004, Proceedings). editor / S.K. Katsikas ; S. Gritzalis ; J. Lopez. Berlin : Springer, 2004. pp. 98-111 (Lecture Notes in Computer Science).

@inproceedings{f4d595ea0f2a4ee4ba9fb221790b385e,

title = "Filling the gap between requirements engineering and public key/trust management infrastructures",

abstract = "The last years have seen a major interest in designing and deploying trust management and public key infrastructures. Yet, it is still far from clear how one can pass from the organization and system requirements to the actual credentials and attribution of permissions in the PKI infrastructure. Our goal in this paper is filling this gap. We propose a formal framework for modeling and analyzing security and trust requirements, that extends the Tropos methodology for early requirements modeling. The key intuition that underlies our work is the identification of distinct roles for actors that manipulate resources, accomplish goals or execute tasks, and actors that own or permit usage of resources or goals. The paper also presents a simple case study and a PKI/trust management implementation.",

author = "P. Giorgini and F. Massacci and J. Mylopoulos and N. Zannone",

year = "2004",

doi = "10.1007/978-3-540-25980-0_8",

language = "English",

isbn = "3-540-22216-2",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "98--111",

editor = "S.K. Katsikas and S. Gritzalis and J. Lopez",

booktitle = "Public Key Infrastructure (First European PKIWorkshop: Research and Applications, EuroPKI 2004, Samos Island, Greece, June 25-26, 2004, Proceedings)",

address = "Germany",

}

Giorgini, P, Massacci, F, Mylopoulos, J & Zannone, N 2004, Filling the gap between requirements engineering and public key/trust management infrastructures. in SK Katsikas, S Gritzalis & J Lopez (eds), Public Key Infrastructure (First European PKIWorkshop: Research and Applications, EuroPKI 2004, Samos Island, Greece, June 25-26, 2004, Proceedings). Lecture Notes in Computer Science, vol. 3093, Springer, Berlin, pp. 98-111. https://doi.org/10.1007/978-3-540-25980-0_8

Filling the gap between requirements engineering and public key/trust management infrastructures. / Giorgini, P.; Massacci, F.; Mylopoulos, J. et al.
Public Key Infrastructure (First European PKIWorkshop: Research and Applications, EuroPKI 2004, Samos Island, Greece, June 25-26, 2004, Proceedings). ed. / S.K. Katsikas; S. Gritzalis; J. Lopez. Berlin: Springer, 2004. p. 98-111 (Lecture Notes in Computer Science; Vol. 3093).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Filling the gap between requirements engineering and public key/trust management infrastructures

AU - Giorgini, P.

AU - Massacci, F.

AU - Mylopoulos, J.

AU - Zannone, N.

PY - 2004

Y1 - 2004

N2 - The last years have seen a major interest in designing and deploying trust management and public key infrastructures. Yet, it is still far from clear how one can pass from the organization and system requirements to the actual credentials and attribution of permissions in the PKI infrastructure. Our goal in this paper is filling this gap. We propose a formal framework for modeling and analyzing security and trust requirements, that extends the Tropos methodology for early requirements modeling. The key intuition that underlies our work is the identification of distinct roles for actors that manipulate resources, accomplish goals or execute tasks, and actors that own or permit usage of resources or goals. The paper also presents a simple case study and a PKI/trust management implementation.

AB - The last years have seen a major interest in designing and deploying trust management and public key infrastructures. Yet, it is still far from clear how one can pass from the organization and system requirements to the actual credentials and attribution of permissions in the PKI infrastructure. Our goal in this paper is filling this gap. We propose a formal framework for modeling and analyzing security and trust requirements, that extends the Tropos methodology for early requirements modeling. The key intuition that underlies our work is the identification of distinct roles for actors that manipulate resources, accomplish goals or execute tasks, and actors that own or permit usage of resources or goals. The paper also presents a simple case study and a PKI/trust management implementation.

U2 - 10.1007/978-3-540-25980-0_8

DO - 10.1007/978-3-540-25980-0_8

M3 - Conference contribution

SN - 3-540-22216-2

T3 - Lecture Notes in Computer Science

SP - 98

EP - 111

BT - Public Key Infrastructure (First European PKIWorkshop: Research and Applications, EuroPKI 2004, Samos Island, Greece, June 25-26, 2004, Proceedings)

A2 - Katsikas, S.K.

A2 - Gritzalis, S.

A2 - Lopez, J.

PB - Springer

CY - Berlin

ER -

Giorgini P, Massacci F, Mylopoulos J, Zannone N. Filling the gap between requirements engineering and public key/trust management infrastructures. In Katsikas SK, Gritzalis S, Lopez J, editors, Public Key Infrastructure (First European PKIWorkshop: Research and Applications, EuroPKI 2004, Samos Island, Greece, June 25-26, 2004, Proceedings). Berlin: Springer. 2004. p. 98-111. (Lecture Notes in Computer Science). doi: 10.1007/978-3-540-25980-0_8

Filling the gap between requirements engineering and public key/trust management infrastructures

Abstract

Publication series

Access to Document

Fingerprint

Cite this