Security Requirements Engineering is an emerging field which lies at the crossroads of Security and Software Engineering. Much research has focused on this field in recent years, spurred by the realization that security must be dealt with in the earliest phases of the software development process as these phases cover a broader organizational perspective. Agent-oriented methodologies have proved to be especially useful in this setting as they support the modeling of the social context in which the system-to-be will operate. In our previous work, we proposed the SI* modeling language to deal with security and trust, and the Secure Tropos methodology for designing secure software systems. Since then, both have been revised and refined in light of experience gained from their application to several industry case studies. This chapter presents the consolidated versions of the SI* modeling language and the Secure Tropos methodology and recounts our experiences, explaining the practical and theoretical reasons behind each consolidation step.
|Title of host publication||Advances in Intelligent Information Systems|
|Editors||Z.W. Ras, L.-S. Tsay|
|Place of Publication||Berlin|
|Publication status||Published - 2010|
|Name||Studies in Computational Intelligence|