Modeling Security Requirements Through Ownership, Permission and Delegation

 
Type: Conference or Workshop Item (Paper)

Giorgini, P. and Massacci, F. and Mylopoulos, J. and Zannone, N. (2005) Modeling Security Requirements Through Ownership, Permission and Delegation. In: 13th IEEE International Requirements Engineering Conference, 29 Aug - 02 Sep 2005, Paris, France.

Full text not available from this archive.

Abstract

Security Requirements Engineering is emerging as a branch of Software Engineering, spurred by the realization that security must be dealt with early on during the requirements phase. Methodologies in this field are challenging, as they must take into account subtle notions such as trust (or lack thereof), delegation, and permission; they must also model entire organizations and not only systems-to-be. In our previous work we introduced Secure Tropos, a formal framework for modeling and analyzing security requirements. Secure Tropos is founded on three main notions: ownership, trust, and delegation. In this paper we refine Secure Tropos introducing the notions of at-least delegation and trust of execution; also, at-most delegation and trust of permission. We also propose monitoring as a security design pattern intended to overcome the problem of lack of trust between actors. The paper presents a semantics for these notions, and describes an implemented formal reasoning tool based on Datalog.

Deposited by Nicola Zannone on 04 October 2005


   
