Modeling Security Requirements Through Ownership, Permission and Delegation

R
RE
2005
13th IEEE International Requirements Engineering Conference (RE'05)
Abstract - Modeling Security Requirements Through Ownership, Permission and Delegation

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Paolo Giorgini Articles by Fabio Massacci Articles by John Mylopoulos Articles by Nicola Zannone

13th IEEE International Requirements Engineering Conference (RE'05)

Paris, France

August 29-September 02

ISBN: 0-7695-2425-7

	ASCII Text	x
	Paolo Giorgini, Fabio Massacci, John Mylopoulos, Nicola Zannone, "Modeling Security Requirements Through Ownership, Permission and Delegation," Requirements Engineering, IEEE International Conference on, pp. 167-176, 13th IEEE International Requirements Engineering Conference (RE'05), 2005.

	BibTex	x
	@article{ 10.1109/RE.2005.43, author = {Paolo Giorgini and Fabio Massacci and John Mylopoulos and Nicola Zannone}, title = {Modeling Security Requirements Through Ownership, Permission and Delegation}, journal ={Requirements Engineering, IEEE International Conference on}, volume = {0}, year = {2005}, isbn = {0-7695-2425-7}, pages = {167-176}, doi = {http://doi.ieeecomputersociety.org/10.1109/RE.2005.43}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Requirements Engineering, IEEE International Conference on TI - Modeling Security Requirements Through Ownership, Permission and Delegation SN - 0-7695-2425-7 SP167 EP176 A1 - Paolo Giorgini, A1 - Fabio Massacci, A1 - John Mylopoulos, A1 - Nicola Zannone, PY - 2005 KW - null VL - 0 JA - Requirements Engineering, IEEE International Conference on ER -

Paolo Giorgini, University of Trento

Fabio Massacci, University of Trento

John Mylopoulos, University of Toronto

Nicola Zannone, University of Trento

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/RE.2005.43

Security Requirements Engineering is emerging as a branch of Software Engineering, spurred by the realization that security must be dealt with early on during the requirements phase. Methodologies in this ?eld are challenging, as they must take into account subtle notions such as trust (or lack thereof), delegation, and permission; they must also model entire organizations and not only systems-to-be.

In our previous work we introduced Secure Tropos, a formal framework for modeling and analyzing security requirements. Secure Tropos is founded on three main notions: ownership, trust, and delegation. In this paper we re?ne Secure Tropos introducing the notions of at-least delegation and trust of execution; also, at-most delegation and trust of permission. We also propose monitoring as a security design pattern intended to overcome the problem of lack of trust between actors. The paper presents a semantics for these notions, and describes an implemented formal reasoning tool based on Datalog.

Citation:

Paolo Giorgini, Fabio Massacci, John Mylopoulos, Nicola Zannone, "Modeling Security Requirements Through Ownership, Permission and Delegation," re, pp.167-176, 13th IEEE International Requirements Engineering Conference (RE'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.