Security and trust requirements engineering

P. Giorgini, F. Massacci, N. Zannone

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    55 Citations (Scopus)
    2 Downloads (Pure)


    Integrating security concerns throughout the whole software development process is one of today’s challenges in software and requirements engineering research. A challenge that so far has proved difficult to meet. The major difficulty is that providing security does not only require to solve technical problems but also to reason on the organization as a whole. This makes the usage of traditional software engineering methologies difficult or unsatisfactory: most proposals focus on protection aspects of security and explicitly deal with low level protection mechanisms and only an handful of them show the ability of capturing the high-level organizational security requirements, without getting suddenly bogged down into security protocols or cryptography algorithms. In this paper we critically review the state of the art in security requirements engineering and discuss the motivations that led us to propose the Secure Tropos methodology, a formal framework for modelling and analyzing security, that enhances the agent-oriented software development methodology i*/Tropos. We illustrate the Secure Tropos approach, a comprehensive case study, and discuss some later refinements of the Secure Tropos methodology to address some of its shortcomings. Finally, we introduce the ST-Tool, a CASE tool that supports our methodology.
    Original languageEnglish
    Title of host publicationFoundations of Security Analysis and Design III (FOSAD 2004/2005 Tutorial Lectures)
    EditorsA. Aldini, R. Gorrieri, F. Martinelli
    Place of PublicationBerlin
    ISBN (Print)3-540-28955-0
    Publication statusPublished - 2005

    Publication series

    NameLecture Notes in Computer Science
    ISSN (Print)0302-9743


    Dive into the research topics of 'Security and trust requirements engineering'. Together they form a unique fingerprint.

    Cite this