Modelling security and trust with Secure Tropos

Requirements engineering for trust management: model, methodology, and reasoning

2006

Abstract: A number of recent proposals aim to incorporate security engineering into mainstream software engineering. Yet, capturing trust and security requirements at an organizational level, as opposed to an IT system level, and mapping these into security and trust management policies is still an open problem. This paper proposes a set of concepts founded on the notions of ownership, permission, and trust and intended for requirements modeling.

Requirements engineering meets trust management

2004

The last years have seen a number of proposals to incorporate Security Engineering into mainstream Software Requirements Engineering. However, capturing trust and security requirements at an organizational level (as opposed to a design level) is still an open problem. This paper presents a formal framework for modeling and analyzing security and trust requirements. It extends the Tropos methodology, an agent-oriented software engineering methodology.

Software Engineering Principles and Security Vulnerabilities

Software Engineering principles have connections with design science, including cybersecurity concerns pertaining to vulnerabilities, trust and reputation. This paper surveys, identifies, establishes and explores these connections. It also illustrates the identification and handling of security issues and concerns during the early phases of the software development life cycle, especially the requirements analysis and design phases, and the importance of including security requirements. In addition, it presents effective and efficient strategies and techniques to prevent, mitigate and remediate security vulnerabilities by applying the principles of trust modelling and design science research methodology.

Modeling Trust Relationships for Developing Trustworthy Information Systems

International Journal of Information System Modeling and Design, 2014

Developing a trustworthy information system is a challenging task. The overall trustworthiness of an information system depends on trust relationships that are generally assumed without adequate justification. However, lack of appropriate analysis of such relationships and of appropriate justification of relevant trust assumptions might lead to systems that fail to fully achieve their functionalities. Existing literature does not provide adequate guidelines for a systematic process or an appropriate modeling language to support such trust-focused analysis. This paper fills this gap by introducing a process that allows developers to capture possible trust relationships and to reason about them. The process is supported by a modeling language based on a set of concepts relating to trust and control and a CASE tool. An illustrative example from the UK health care domain is used to demonstrate the applicability and usefulness of the approach.