Security requirements engineering : the SI* modeling language and the Secure Tropos methodology

F. Massacci, J. Mylopoulos, N. Zannone

Research output: Chapter in Book/Report/Conference proceeding (Chapter, Academic)

40 Citations (Scopus)
2 Downloads (Pure)

Abstract

Security Requirements Engineering is an emerging field which lies at the crossroads of Security and Software Engineering. Much research has focused on this field in recent years, spurred by the realization that security must be dealt with in the earliest phases of the software development process as these phases cover a broader organizational perspective. Agent-oriented methodologies have proved to be especially useful in this setting as they support the modeling of the social context in which the system-to-be will operate. In our previous work, we proposed the SI* modeling language to deal with security and trust, and the Secure Tropos methodology for designing secure software systems. Since then, both have been revised and refined in light of experience gained from their application to several industry case studies. This chapter presents the consolidated versions of the SI* modeling language and the Secure Tropos methodology and recounts our experiences, explaining the practical and theoretical reasons behind each consolidation step.
Original language: English
Title of host publication: Advances in Intelligent Information Systems
Editors: Z.W. Ras, L.-S. Tsay
Place of Publication: Berlin
Publisher: Springer
Pages: 147-174
ISBN (Print): 978-3-642-05182-1
Publication status: Published - 2010

Publication series

Name: Studies in Computational Intelligence
Volume: 265
ISSN (Print): 1860-949X
