• DocumentCode
    2019426
  • Title

    Security requirements engineering via commitments

  • Author

    Dalpiaz, Fabiano ; Paja, Elda ; Giorgini, Paolo

  • Author_Institution
    Dept. of Inf. Eng. & Comput. Sci., Univ. of Trento, Trento, Italy
  • fYear
    2011
  • fDate
    8-8 Sept. 2011
  • Firstpage
    1
  • Lastpage
    8
  • Abstract
    Security Requirements Engineering (SRE) is concerned with the elicitation of security needs and the specification of security requirements of the system-to-be. Current approaches to SRE either express stakeholders' needs via high-level organisational abstractions that are hard to map to system design, or specify only technical security requirements. In this paper, we introduce SecCo, an SRE framework that starts with goal-oriented modelling of the security needs and derives security requirements from such needs. Importantly, SecCo relates security requirements to the interaction among actors. Security requirements are specified as social commitments - promises with contractual validity from one actor to another - that define constraints on the way actors can interact. These commitments shall be implemented by the system-to-be.
  • Keywords
    security of data; systems analysis; SecCo; commitments; contractual validity; goal oriented modelling; high level organisational abstractions; security requirements engineering; technical security requirements; Authorization; Concrete; Educational institutions; Information systems; Production; Redundancy; Commitments; Goal models; Security requirements;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Socio-Technical Aspects in Security and Trust (STAST), 2011 1st Workshop on
  • Conference_Location
    Milan
  • Print_ISBN
    978-1-4577-1182-4
  • Type

    conf

  • DOI
    10.1109/STAST.2011.6059249
  • Filename
    6059249