Sciweavers

RE
2005
Springer

Modeling Security Requirements Through Ownership, Permission and Delegation

14 years 6 months ago
Modeling Security Requirements Through Ownership, Permission and Delegation
Security Requirements Engineering is emerging as a branch of Software Engineering, spurred by the realization that security must be dealt with early on during the requirements phase. Methodologies in this field are challenging as they must take into account subtle notions such as trust (or lack thereof), delegation, and permission; they must also model entire organizations and not only systems-to-be. In our previous work we introduced Secure Tropos, a formal framework for modeling and analyzing security requirements. Secure Tropos is founded on three main notions: ownership, trust, and delegation. In this paper we refine Secure Tropos introducing the notions of delegation and trust of execution (at-least delegation and trust) and delegation and trust of permission (at-most delegation and trust). We also propose the use of monitoring as security pattern that can be a design solution to overcome the problem of lack of trust between actors. The paper presents a semantics for these noti...
Paolo Giorgini, Fabio Massacci, John Mylopoulos, N
Added 28 Jun 2010
Updated 28 Jun 2010
Type Conference
Year 2005
Where RE
Authors Paolo Giorgini, Fabio Massacci, John Mylopoulos, Nicola Zannone
Comments (0)