Abstract
A number of recent proposals aim to incorporate security engineering into mainstream software engineering. Yet, capturing trust and security requirements at an organizational level, as opposed to an IT system level, and mapping these into security and trust management policies is still an open problem. This paper proposes a set of concepts founded on the notions of ownership, permission, and trust and intended for requirements modeling. It also extends Tropos, an agent-oriented software engineering methodology, to support security requirements engineering. These concepts are formalized and are shown to support the automatic verification of security and trust requirements using Datalog. To make the discussion more concrete, we illustrate the proposal with a Health Care case study.
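The abstract's claim that ownership, permission and trust requirements can be checked automatically with Datalog is easier to see on a concrete rule set. The following is an added example and not the paper's own formalization or tooling: the predicate names (`owns`, `trust_perm`, `deleg_perm`, `requests`, `has_perm`, `trust_chain`), the four rules, the two requirement checks and the Health Care facts are all assumptions that reduce the abstract's notions to a small bottom-up Datalog evaluator (naive fixpoint over positive rules, with the negated checks evaluated afterwards so they stay stratified). It needs Python 3.8 or later.

```python
# Added example: Datalog-style verification of ownership / permission / trust
# requirements. Predicates, rules and facts are assumptions, not the paper's.


def is_var(term):
    """Variables are capitalised identifiers; constants are lower-case strings."""
    return isinstance(term, str) and term[:1].isupper()


def unify(pattern, fact, env):
    """Return env extended so that pattern matches fact, or None on mismatch."""
    if len(pattern) != len(fact):
        return None
    env = dict(env)
    for p, f in zip(pattern, fact):
        if is_var(p):
            if env.get(p, f) != f:  # already bound to something else
                return None
            env[p] = f
        elif p != f:
            return None
    return env


def match_body(body, db):
    """All variable bindings under which every body atom is a fact in db."""
    envs = [{}]
    for atom in body:
        envs = [e for env in envs for fact in db
                if (e := unify(atom, fact, env)) is not None]
    return envs


def evaluate(facts, rules):
    """Naive bottom-up evaluation: least fixpoint of positive Datalog rules."""
    db = set(facts)
    while True:
        new = set()
        for head, body in rules:
            for env in match_body(body, db):
                derived = tuple(env.get(t, t) for t in head)
                if derived not in db:
                    new.add(derived)
        if not new:
            return db
        db |= new


def select(db, pred):
    """Argument tuples of every fact with the given predicate name."""
    return {f[1:] for f in db if f[0] == pred}


# Assumed rules, written as (head, body); the Datalog reading is in comments.
RULES = [
    # has_perm(A, S) :- owns(A, S).                       the owner holds permission
    (("has_perm", "A", "S"), [("owns", "A", "S")]),
    # has_perm(B, S) :- deleg_perm(A, B, S), has_perm(A, S).   only holders delegate
    (("has_perm", "B", "S"), [("deleg_perm", "A", "B", "S"), ("has_perm", "A", "S")]),
    # trust_chain(A, B, S) :- trust_perm(A, B, S).
    (("trust_chain", "A", "B", "S"), [("trust_perm", "A", "B", "S")]),
    # trust_chain(A, C, S) :- trust_chain(A, B, S), trust_perm(B, C, S).   transitive
    (("trust_chain", "A", "C", "S"),
     [("trust_chain", "A", "B", "S"), ("trust_perm", "B", "C", "S")]),
]

# Constructed scenario: the patient owns the record and trusts the hospital with
# it; the hospital trusts and delegates to a doctor, but also delegates to an
# insurer nobody in the trust chain vouched for; a researcher requests the record
# without ever receiving permission.
FACTS = {
    ("owns", "patient", "medical_record"),
    ("trust_perm", "patient", "hospital", "medical_record"),
    ("trust_perm", "hospital", "doctor", "medical_record"),
    ("deleg_perm", "patient", "hospital", "medical_record"),
    ("deleg_perm", "hospital", "doctor", "medical_record"),
    ("deleg_perm", "hospital", "insurer", "medical_record"),
    ("requests", "doctor", "medical_record"),
    ("requests", "researcher", "medical_record"),
}


def untrusted_permissions(db):
    """Permission holders the owner does not (transitively) trust with the service."""
    chains = select(db, "trust_chain")
    return sorted(
        (holder, svc)
        for owner, svc in select(db, "owns")
        for holder, held in select(db, "has_perm")
        if held == svc and holder != owner and (owner, holder, svc) not in chains
    )


def unsatisfied_requests(db):
    """Requesters that never obtain permission for what they request."""
    held = select(db, "has_perm")
    return sorted(r for r in select(db, "requests") if r not in held)


def verify(facts=FACTS, rules=RULES):
    """Compute the fixpoint, then report both kinds of requirement violation."""
    db = evaluate(facts, rules)
    return {"untrusted_permissions": untrusted_permissions(db),
            "unsatisfied_requests": unsatisfied_requests(db)}


if __name__ == "__main__":
    for kind, violations in verify().items():
        print(kind, violations or "none")
```

Run as a script it reports the insurer as holding a permission outside the patient's trust chain and the researcher as a requester who never obtains permission; the positive rules are evaluated to a fixpoint first and the negation in the two checks is applied only on the finished database, which is what keeps the checks stratified and the result deterministic. A real engine such as DLV (cited in the reference list) would accept the same rules directly.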
References
[1] Abiteboul, S., Hull, R., Vianu, V.: Foundations of Databases. Addison-Wesley, Reading (1995)
[2] Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic databases. In: Proceedings of VLDB'02, pp. 143–154. Morgan Kaufmann (2002)
[3] Anderson, R.: A security policy model for clinical information systems. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 30–43. IEEE Press (1996)
[4] Antón, A.I., Earp, J.B.: A requirements taxonomy for reducing Web site privacy vulnerabilities. Requirements Eng. J. 9(3), 169–185 (2004)
[5] Axelrod, R.: The Evolution of Cooperation. Basic Books, London (1984)
[6] Barnes, L.B.: Managing the paradox of organizational trust. Harvard Bus. Rev. 59(2), 107–116 (1981)
[7] Basin, D., Doser, J., Lodderstedt, T.: Model driven security: from UML models to access control infrastructures. TOSEM 15(1), 39–91 (2006)
[8] Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.D.: The role of trust management in distributed systems security. In: Secure Internet Programming, LNCS 1603, pp. 185–210 (1999)
[9] Blomqvist, K., Ståhle, P.: Building organizational trust. In: Proceedings of the 16th Annual IMP Conference (2000)
[10] Bresciani, P., Giorgini, P., Giunchiglia, F., Mylopoulos, J., Perini, A.: TROPOS: an agent-oriented software development methodology. JAAMAS 8(3), 203–236 (2004)
[11] Castelfranchi, C., Falcone, R.: Principles of trust for MAS: cognitive anatomy, social importance and quantification. In: Proceedings of ICMAS'98, pp. 72–79. IEEE Press (1998)
[12] Chu, Y.H., Feigenbaum, J., LaMacchia, B., Resnick, P., Strauss, M.: REFEREE: trust management for Web applications. Computer Networks and ISDN Systems 29(8–13), 953–964 (1997)
[13] Chung, L., Nixon, B.: Dealing with non-functional requirements: three experimental studies of a process-oriented approach. In: Proceedings of ICSE'95, pp. 25–37. ACM Press (1995)
[14] Damianou, N.: A policy framework for management of distributed systems. Ph.D. thesis, University of London (2002)
[15] Devanbu, P.T., Stubblebine, S.G.: Software engineering for security: a roadmap. In: Proceedings of ICSE'00, Future of Software Engineering Track, pp. 227–239 (2000)
[16] Ebert, C.: Requirements BEFORE the requirements: understanding the upstream impacts. In: Proceedings of RE'05, pp. 117–124. IEEE Press (2005)
[17] Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, B., Ylonen, T.: Simple public key certificates. Internet Draft (work in progress) (1999)
[18] Giorgini, P., Massacci, F., Mylopoulos, J.: Requirement engineering meets security: a case study on modelling secure electronic transactions by VISA and Mastercard. In: Proceedings of ER'03, LNCS 2813, pp. 263–276. Springer, Berlin Heidelberg New York (2003)
[19] Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Filling the gap between requirements engineering and public key/trust management infrastructures. In: Proceedings of EuroPKI'04, LNCS 3093, pp. 98–111. Springer, Berlin Heidelberg New York (2004)
[20] Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Requirements engineering meets trust management: model, methodology, and reasoning. In: Proceedings of iTrust'04, LNCS 2995, pp. 176–190. Springer, Berlin Heidelberg New York (2004)
[21] Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Modeling security requirements through ownership, permission and delegation. In: Proceedings of RE'05, pp. 167–176. IEEE Press (2005)
[22] Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Modelling social and individual trust in requirements engineering methodologies. In: Proceedings of iTrust'05, LNCS 3477, pp. 161–176. Springer, Berlin Heidelberg New York (2005)
[23] Jim, T.: SD3: a trust management system with certified evaluation. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 106–115. IEEE Press (2001)
[24] Jürjens, J.: Secure Systems Development with UML. Springer (2004)
[25] Leone, N., Pfeifer, G., Faber, W., Eiter, T., Gottlob, G., Perri, S., Scarcello, F.: The DLV system for knowledge representation and reasoning. TOCL (2005)
[26] Li, N., Grosof, B.N., Feigenbaum, J.: Delegation logic: a logic-based approach to distributed authorization. TISSEC 6(1), 128–171 (2003)
[27] Li, N., Mitchell, J.C., Winsborough, W.H.: Design of a role-based trust-management framework. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 114–130. IEEE Press (2002)
[28] Liu, L., Yu, E.S.K., Mylopoulos, J.: Security and privacy requirements analysis within a social setting. In: Proceedings of RE'03, pp. 151–161. IEEE Press (2003)
[29] Massacci, F., Mylopoulos, J., Zannone, N.: From Hippocratic databases to Secure Tropos: a computer-aided re-engineering approach. IJSEKE (2006, in press)
[30] Massacci, F., Penserini, L. (eds.): Proceedings of the Symposium on Requirements Engineering for Information Security (2005)
[31] Massacci, F., Prest, M., Zannone, N.: Using a security requirements engineering methodology in practice: the compliance with the Italian data protection legislation. Comp. Stand. Inter. 27(5), 445–455 (2005)
[32] Massacci, F., Zannone, N.: Detecting conflicts between functional and security requirements with Secure Tropos: John Rusnak and the Allied Irish Bank. Tech. Rep. DIT-06-002, University of Trento (2006)
[33] McDermott, J., Fox, C.: Using abuse case models for security requirements analysis. In: Proceedings of ACSAC'99, pp. 55–66. IEEE Press (1999)
[34] McKnight, D.H., Chervany, N.L.: The meanings of trust. Tech. Rep. 96-04, MIS Research Center (1996)
[35] Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Comp. 29(2), 38–47 (1996)
[36] Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. Requirements Eng. J. 10(1), 34–44 (2005)
[37] Sommerville, I.: Software Engineering. Addison-Wesley, Reading (2001)
[38] Toval, A., Olmos, A., Piattini, M.: Legal requirements reuse: a critical success factor for requirements quality and personal data protection. In: Proceedings of RE'02, pp. 95–103. IEEE Press (2002)
[39] Tryfonas, T., Kiountouzis, E., Poulymenakou, A.: Embedding security practices in contemporary information systems development approaches. Inform. Manage. Comp. Sec. 9, 183–197 (2001)
[40] van Lamsweerde, A., Brohez, S., De Landtsheer, R., Janssens, D.: From system goals to intruder anti-goals: attack generation and resolution for security requirements engineering. In: Proceedings of RHAS'03, pp. 49–56 (2003)
[41] Yu, E., Cysneiros, L.: Designing for privacy and other competing requirements. In: Proceedings of SREIS'02 (2002)
[42] Yu, E.S.K.: Modelling strategic relationships for process reengineering. Ph.D. thesis, University of Toronto (1996)
Additional information
This work is an expanded and revised version of [19,20].
Cite this article
Giorgini, P., Massacci, F., Mylopoulos, J. et al. Requirements engineering for trust management: model, methodology, and reasoning. Int. J. Inf. Secur. 5, 257–274 (2006). https://doi.org/10.1007/s10207-006-0005-7