Requirements engineering for trust management: Model, methodology, and reasoning

P. Giorgini, F. Massacci, J. Mylopoulos, N. Zannone

    Research output: Contribution to journal / Article / Academic / peer-review

    73 Citations (Scopus)
    2 Downloads (Pure)

    Abstract

    A number of recent proposals aim to incorporate security engineering into mainstream software engineering. Yet, capturing trust and security requirements at an organizational level, as opposed to an IT system level, and mapping these into security and trust management policies is still an open problem. This paper proposes a set of concepts founded on the notions of ownership, permission, and trust and intended for requirements modeling. It also extends Tropos, an agent-oriented software engineering methodology, to support security requirements engineering. These concepts are formalized and are shown to support the automatic verification of security and trust requirements using Datalog. To make the discussion more concrete, we illustrate the proposal with a Health Care case study.
    Original language: English
    Pages (from-to): 257-274
    Journal: International Journal of Information Security
    Volume: 5
    Issue number: 4
    Publication status: Published - 2006
