The Community for Technology Leaders
RSS Icon
Subscribe
Paris
Aug. 29, 2005 to Sept. 2, 2005
ISBN: 0-7695-2425-7
pp: 167-176
Paolo Giorgini , University of Trento
Fabio Massacci , University of Trento
John Mylopoulos , University of Toronto
Nicola Zannone , University of Trento
ABSTRACT
<p>Security Requirements Engineering is emerging as a branch of Software Engineering, spurred by the realization that security must be dealt with early on during the requirements phase. Methodologies in this ?eld are challenging, as they must take into account subtle notions such as trust (or lack thereof), delegation, and permission; they must also model entire organizations and not only systems-to-be.</p> <p>In our previous work we introduced Secure Tropos, a formal framework for modeling and analyzing security requirements. Secure Tropos is founded on three main notions: ownership, trust, and delegation. In this paper we re?ne Secure Tropos introducing the notions of at-least delegation and trust of execution; also, at-most delegation and trust of permission. We also propose monitoring as a security design pattern intended to overcome the problem of lack of trust between actors. The paper presents a semantics for these notions, and describes an implemented formal reasoning tool based on Datalog.</p>
INDEX TERMS
null
CITATION
Paolo Giorgini, Fabio Massacci, John Mylopoulos, Nicola Zannone, "Modeling Security Requirements Through Ownership, Permission and Delegation", RE, 2005, Proceedings. 13th IEEE International Conference on Requirements Engineering, Proceedings. 13th IEEE International Conference on Requirements Engineering 2005, pp. 167-176, doi:10.1109/RE.2005.43
296 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool