Title :
Modeling security requirements through ownership, permission and delegation
Author :
Giorgini, Paolo ; Massacci, Fabio ; Mylopoulos, John ; Zannone, Nicola
Author_Institution :
Trento Univ., Italy
fDate :
29 Aug.-2 Sept. 2005
Abstract :
Security requirements engineering is emerging as a branch of software engineering, spurred by the realization that security must be dealt with early on during the requirements phase. Methodologies in this field are challenging, as they must take into account subtle notions such as trust (or lack thereof), delegation, and permission; they must also model entire organizations and not only systems-to-be. In our previous work we introduced Secure Tropos, a formal framework for modeling and analyzing security requirements. Secure Tropos is founded on three main notions: ownership, trust, and delegation. In this paper, we refine Secure Tropos introducing the notions of at-least delegation and trust of execution; also, at-most delegation and trust of permission. We also propose monitoring as a security design pattern intended to overcome the problem of lack of trust between actors. The paper presents a semantic for these notions, and describes an implemented formal reasoning tool based on Datalog.
Keywords :
formal specification; security of data; Datalog; Secure Tropos; formal reasoning tool; security design pattern; security requirements analysis; security requirements engineering; security requirements modeling; software engineering; Authorization; Availability; Data security; Monitoring; Permission; Proposals; Protection; Software engineering; Software systems; Unified modeling language;
Conference_Titel :
Requirements Engineering, 2005. Proceedings. 13th IEEE International Conference on
Print_ISBN :
0-7695-2425-7
