The Community for Technology Leaders
2013 21st IEEE International Requirements Engineering Conference (RE) (2005)
Paris, France
Aug. 29, 2005 to Sept. 2, 2005
ISBN: 0-7695-2425-7
pp: 167-176
John Mylopoulos , University of Toronto
Nicola Zannone , University of Trento
Fabio Massacci , University of Trento
Paolo Giorgini , University of Trento
<p>Security Requirements Engineering is emerging as a branch of Software Engineering, spurred by the realization that security must be dealt with early on during the requirements phase. Methodologies in this ?eld are challenging, as they must take into account subtle notions such as trust (or lack thereof), delegation, and permission; they must also model entire organizations and not only systems-to-be.</p> <p>In our previous work we introduced Secure Tropos, a formal framework for modeling and analyzing security requirements. Secure Tropos is founded on three main notions: ownership, trust, and delegation. In this paper we re?ne Secure Tropos introducing the notions of at-least delegation and trust of execution; also, at-most delegation and trust of permission. We also propose monitoring as a security design pattern intended to overcome the problem of lack of trust between actors. The paper presents a semantics for these notions, and describes an implemented formal reasoning tool based on Datalog.</p>
John Mylopoulos, Nicola Zannone, Fabio Massacci, Paolo Giorgini, "Modeling Security Requirements Through Ownership, Permission and Delegation", 2013 21st IEEE International Requirements Engineering Conference (RE), vol. 00, no. , pp. 167-176, 2005, doi:10.1109/RE.2005.43
85 ms
(Ver )