TY - JOUR
T1 - Requirements engineering for trust management: Model, methodology, and reasoning
AU - Giorgini, P.
AU - Massacci, F.
AU - Mylopoulos, J.
AU - Zannone, N.
PY - 2006
Y1 - 2006
N2 - A number of recent proposals aim to incorporate security engineering into mainstream software engineering. Yet, capturing trust and security requirements at an organizational level, as opposed to an IT system level, and mapping these into security and trust management policies is still an open problem. This paper proposes a set of concepts founded on the notions of ownership, permission, and trust and intended for requirements modeling. It also extends Tropos, an agent-oriented software engineering methodology, to support security requirements engineering. These concepts are formalized and are shown to support the automatic verification of security and trust requirements using Datalog. To make the discussion more concrete, we illustrate the proposal with a Health Care case study.
U2 - 10.1007/s10207-006-0005-7
DO - 10.1007/s10207-006-0005-7
M3 - Article
SN - 1615-5262
VL - 5
SP - 257
EP - 274
JO - International Journal of Information Security
JF - International Journal of Information Security
IS - 4
ER -