Security
Secure Tropos
Secure Tropos extends Tropos in order to model and analyze security requirements alongside functional requirements. The methodology provides a requirements analysis process that drives system designers from the acquisition of requirements up to their verification. Two versions of Secure Tropos exist.
- based on the SI* conceptual modeling language, which extends Eric Yu's i* language. The common concepts of actor, goal, task, and resource are augmented with a set of security-related concepts.
- extends the Tropos language as well as its development process. The language extension consists of redefining existing concepts with security in mind as well as introducing new concepts (security constraints, secure goal, secure plan, ...).
The Socio-Technical Security modeling language
The observation that security has to be considered at the socio-technical level, i.e., that systems are part of a broader socio-technical system, along with other systems as well as social actors, led to the development of the Socio-Technical Security modeling language (STS-ml). This language, which belongs to the family of i*/Tropos based approaches, provides a rich language for the specification of security requirements in socio-technical systems. STS-ml is supported by a fully-fledged modeling and analysis tool called STS-Tool.
| Authors | Title | Place published | Year published |
|---|---|---|---|
| S. Troesterer and E. Beck and F. Dalpiaz and E. Paja and P. Giorgini and M. Tscheligi | Formative User-Centered Evaluation of Security Modeling: Results from a Case Study | International Journal of Secure Software Engineering | 2012 |
| E. Paja and F. Dalpiaz and M. Poggianella and P. Roberti and P. Giorgini | Modelling Security Requirements in Socio-Technical Systems with STS-Tool | Forum of the Conference on Advanced Information Systems Engineering | 2012 |
| E. Paja and F. Dalpiaz and M. Poggianella and P. Roberti and P. Giorgini | STS-Tool: Using Commitments to Specify Socio-Technical Security Requirements | 31st International Conference on Conceptual Modeling | 2012 |
| E. Paja and F. Dalpiaz and M. Poggianella and P. Roberti and P. Giorgini | STS-Tool: Socio-Technical Security Requirements through Social Commitments | Proceedings of the 20th International IEEE Conference on Requirements Engineering (RE'12) | 2012 |
| F. Dalpiaz and E. Paja and P. Giorgini | Security Requirements Engineering for Service-Oriented Applications | Proceedings of the Fifth International i* Workshop (istar'11) | 2011 |
| F. Dalpiaz and E. Paja and P. Giorgini | Security Requirements Engineering via Commitments | Proceedings of the First Workshop on Socio-Technical Aspects in Security and Trust (STAST'11) | 2011 |
| Bryl, V.; Dalpiaz, F.; Ferrario, R.; Mattioli, A.; Villafiorita, A. | Evaluating Procedural Alternatives: a Case Study in e-Voting. | Electronic Government, an International Journal | 2009 |
| V. E. Silva Souza; J. Mylopoulos | Monitoring and Diagnosing Malicious Attacks with Autonomic Software | 28th International Conference on Conceptual Modeling (ER 2009) | 2009 |
| Bryl, V.; Dalpiaz, F.; Ferrario, R.; Mattioli, A.; Villafiorita, A. | Evaluating Procedural Alternatives. A Case Study in E-Voting. | 1st International Conference on Methodologies, Technologies and Tools enabling e-Government (MeTTeG'07) | 2007 |
| Asnar, Y.; Giorgini, P.; Massacci, F.; Zannone, N. | From Trust to Dependability through Risk Analysis. | Second International Conference on Availability, Reliability and Security (AReS 2007) | 2007 |
| Bryl, V.; Massacci, F.; Mylopoulos, J.; Zannone, N. | Designing Security Requirements Models through Planning. | 18th Conference on Advanced Information Systems Engineering (CAiSE'06) | 2006 |
| Asnar, Y.; Giorgini, P. | Modelling Risk and Identifying Countermeasure in Organizations. | 1st International Workshop on Critical Information Infrastructures Security (CRITIS '06) | 2006 |
| P. Giorgini; F. Massacci; J. Mylopoulos; N. Zannone | Modeling Security Requirements Through Ownership, Permission and Delegation. | 13th IEEE International Requirements Engineering Conference (RE'05) | 2005 |
| P. Giorgini; H. Mouratidis; M. Weiss | Security patterns meet agent oriented software engineering: a complementary solution for developing security information systems. | 24th International Conference on Conceptual Modelling (ER'05) | 2005 |
| P. Giorgini; G. Manson; H. Mouratidis | When Security Meets Software Engineering: A Case of Modeling Secure Information Systems. | Information System (2005) | 2005 |
| P. Giorgini; H. Mouratidis; M. Weiss | Modeling Secure Systems Using An Agent-Oriented Approach and Security Patterns. | International Journal of Software Engineering and Knowledge Engineering (IJSEKE) | 2005 |
| P. Giorgini; H. Mouratidis | Secure Tropos: A Security-Oriented Extension of the Tropos Methodology. | Journal of Autonomous Agents and Multi-Agent Systems | 2005 |
| P. Giorgini; F. Massacci; J. Mylopoulos; A. Siena; N. Zannone | ST-Tool: A CASE Tool for Modeling and Analyzing Trust Requirements | Third International Conference on Trust Management (iTrust 2005) | 2005 |
| P. Giorgini; F. Massacci; N. Zannone | Security and Trust Requirements Engineering. | Foundations of Security Analysis and Design III | 2005 |
| P. Giorgini; F. Massacci; J. Mylopoulos; N. Zannone | Modeling Social and Individual Trust in Requirements Engineering Methodologies. | Third International Conference on Trust Management (iTrust 2005) | 2005 |
| P. Giorgini; F. Massacci; J. Mylopoulos; N. Zannone | Filling the gap between Requirements Engineering and Public Key/Trust Management Infrastructures. | 1st European PKI Workshop: Research and Applications (1st EuroPKI) | 2004 |
| P. Giorgini; F. Massacci; J. Mylopoulos; N. Zannone | Requirements Engineering meets Trust Management: Model, Methodology, and Reasoning. | Second International Conference on Trust Management (iTrust 2004) | 2004 |
| P. Giorgini; G. Manson; H. Mouratidis | Using Security Attack Scenarios to Analyse Security During Information Systems Design. | 6th International Conference on Enterprise Information Systems (2004) | 2004 |
| P. Giorgini; H. Mouratidis | Analysing Security in Information Systems. | Second International Workshop on Security In Information Systems (WOSIS-2004) | 2004 |
| P. Giorgini; G. Manson; H. Mouratidis | Towards the Development of Secure Information Systems: Security Reference Diagrams and Security Attack Scenarios. | 16th Conference On Advanced Information Systems Engineering (CAiSE*04) | 2004 |
| P. Bresciani; P. Giorgini; G. Manson; H. Mouratidis | Multi-Agent Systems and Security Requirements Analysis. | Software Engineering for Multi-Agent Systems II | 2004 |
| Giorgini, P.; Massacci, F.; Mylopoulos, J. | Requirement Engineering meets Security: A Case Study on Modelling Secure Electronic Transactions by VISA and Mastercard | 22nd International Conference on Conceptual Modeling (ER 2003) | 2003 |
| P. Giorgini; H. Mouratidis; M. Schumacher | Security Patterns for Agent Systems. | Eighth European Conference on Pattern Languages of Programs (2003) | 2003 |
| P. Giorgini; G. Manson; H. Mouratidis | An Ontology for Modelling Security: The Tropos Approach. | KES 2003 Invited Session Ontology and Multi-Agent Systems Design (OMASD'03) | 2003 |
| P. Giorgini; G. Manson; H. Mouratidis | Modelling Secure Multiagent Systems. | 2nd International Joint Conference on Autonomous Agents and Multiagent Systems (2003) | 2003 |
| P. Giorgini; G. Manson; H. Mouratidis | Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems. | 15th Conference On Advanced Information Systems Engineering (CAiSE*03) | 2003 |
| P. Giorgini; G. Manson; H. Mouratidis | On Security Requirements Analysis for Multi-Agent Systems. | 2nd International Workshop on Software Engineering for Large-Scale Multi-Agent Systems SELMAS 2003 in conjunction with the 25th International Conference on Software Engineering (ICSE 2003) | 2003 |
| A. Gani; P. Giorgini; G. Manson; H. Mouratidis | Analysing Security Requirements of Information Systems Using Tropos. | International Conference on Enterprise Information Systems | 2003 |
| P. Giorgini; H. Mouratidis; M. Weiss | Integrating Patterns and Agent-Oriented Methodologies to Provide Better Solutions for the Development of Secure Agent Systems. | Workshop on Expressiveness of Pattern Languages 2003, at ChiliPLoP (2003) | 2003 |
| P. Giorgini; G. Manson; H. Mouratidis; I. Philp | A Natural Extension of Tropos Methodology for Modelling Security. | Workshop on Agent-oriented methodologies, at OOPSLA 2002 | 2002 |
| P. Giorgini; G. Manson; H. Mouratidis; I. Philp | Modelling an agent-based integrated health and social care information system for older people. | International Workshop on Agents Applied in Health Care (2002) | 2002 |
| P. Giorgini; G. Manson; H. Mouratidis; I. Philp | Using Tropos Methodology to Model an integrated Health Assessment System. | Fourth International Bi-Conference Workshop on Agent-Oriented Information systems (AOIS-02) | 2002 |

