Security

Secure Tropos

Secure Tropos extends Tropos in order to model and analyze security requirements alongside functional requirements. The methodology provides a requirements analysis process that drives system designers from the acquisition of requirements up to their verification. Two versions of Secure Tropos exist.

  • based on the SI* conceptual modeling language, which extends Eric Yu's i* language. The common concepts of actor, goal, task, and resource are augmented with a set of security-related concepts [website]
  • extends the Tropos language as well as its development process. The language extension consists of redefining existing concepts with security in mind as well as introducing new concepts (security constraints, secure goal, secure plan, ...) [website]



The Socio-Technical Security modeling language

The observation that security has to be considered at the socio-technical level, i.e., that systems are part of a broader socio-technical system, along with other systems as well as social actors, led to the development of the Socio-Technical Security modeling language (STS-ml). This language, which belongs to the family of i*/Tropos based approaches, provides a rich language for the specification of security requirements in socio-technical systems. STS-ml is supported by a fully-fledged modeling and analysis tool called STS-Tool [website]  

AuthorsTitlesort iconPlace publishedYear published
P. Giorgini; G. Manson; H. MouratidisWhen Security Meets Software Engineering: A Case of Modeling Secure Information Systems.Information System (2005)2005DownloadDetails
P. Giorgini; G. Manson; H. Mouratidis; I. PhilpUsing Tropos Methodology to Model and integrated Health Assessment System.Fourth International Bi-Conference Workshop on Agent-Oriented Information systems (AOIS-02)2002Details
P. Giorgini; G. Manson; H. MouratidisUsing Security Attack Scenarios to Analyse Security During Information Systems Design.6th International Conference on Enterprise Information Systems (2004)2004Details
P. Giorgini; G. Manson; H. MouratidisTowards the Development of Secure Information Systems: Security Reference Diagrams and Security Attack Scenarios.16th Conference On Advanced Information Systems Engineering (CAiSE*04)2004Details
E. Paja and F. Dalpiaz and M. Poggianella and P. Roberti and P. GiorginiSTS-Tool: Using Commitments to Specify Socio-Technical Security Requirements31st International Conference on Conceptual Modeling2012DownloadDetails
E. Paja and F. Dalpiaz and M. Poggianella and P. Roberti and P. GiorginiSTS-Tool: Socio-Technical Security Requirements through Social CommitmentsProceedings of the 20th International IEEE Conference on Requirements Engineering (RE'12)2012DownloadDetails
P. Giorgini; F. Massacci; J. Mylopoulos; A. Siena; N. ZannoneST-Tool: A CASE Tool for Modeling and Analyzing Trust RequirementsThird International Conference on Trust Management (iTrust 2005)2005DownloadDetails
F. Dalpiaz and E. Paja and P. GiorginiSecurity Requirements Engineering via CommitmentsProceedings of the First Workshop on Socio-Technical Aspects in Security and Trust (STAST'11)2011DownloadDetails
F. Dalpiaz and E. Paja and P. GiorginiSecurity Requirements Engineering for Service-Oriented ApplicationsProceedings of the Fifth International i* Workshop (istar'11)2011DownloadDetails
P. Giorgini; H. Mouratidis; M. WeissSecurity patterns meet agent oriented software engineering: a complementary solution for developing security information systems.24th International Conference on Conceptual Modelling (ER'05)2005Details
P. Giorgini; H. Mouratidis; M. SchumacherSecurity Patterns for Agent Systems.Eighth European Conference on Pattern Languages of Programs (2003)2003DownloadDetails
P. Giorgini; F. Massacci; N. ZannoneSecurity and Trust Requirements Engineering.Foundations of Security Analysis and Design III2005DownloadDetails
P. Giorgini; H. MouratidisSecure Tropos: A Security-Oriented Extension of the Tropos Methodology.Journal of Autonomous Agents and Mult-Agent Systems2005Details
P. Giorgini; F. Massacci; J. Mylopoulos; N. ZannoneRequirements Engineering meets Trust Management: Model, Methodology, and Reasoning.Second International Conference on Trust Management (iTrust 2004)2004DownloadDetails
Giorgini, P.; Massacci, F.; Mylopoulos, J.Requirement Engineering meets Security: A Case Study on Modelling Secure Electronic Transactions by VISA and Mastercard22nd International Conference on Conceptual Modeling (ER 2003)2003Details
P. Giorgini; G. Manson; H. MouratidisOn Security Requirements Analysis for Multi-Agent Systems.2nd International Workshop on Software Engineering for Large-Scale Multi-Agent Systems SELMAS 2003 in conjunction with the 25th International Conference on Software Engineering (ICSE 2003)2003DownloadDetails
P. Bresciani; P. Giorgini; G. Manson; H. MouratidisMulti-Agent Systems and Security Requirements Analysis.Software Engineering for Multi-Agent Systems II2004DownloadDetails
V. E. Silva Souza; J. MylopoulosMonitoring and Diagnosing Malicious Attacks with Autonomic Software28th International Conference on Conceptual Modeling (ER 2009)2009Details
E. Paja and F. Dalpiaz and M. Poggianella and P. Roberti and P. GiorginiModelling Security Requirements in Socio-Technical Systems with STS-ToolForum of the Conference on Advanced Information Systems Engineering2012DownloadDetails
P. Giorgini; G. Manson; H. MouratidisModelling Secure Multiagent Systems.2nd International Joint Conference on Autonomous Agents and Multiagent Systems (2003)2003DownloadDetails
Asnar, Y.; Giorgini, P.Modelling Risk and Identifying Countermeasure in Organizations.1st International Workshop on Critical Information Infrastructures Security (CRITIS '06)2006DownloadDetails
P. Giorgini; G. Manson; H. Mouratidis; I. PhilpModelling an agent-based integrated health and social care information system for older people.International Workshop on Agents Applied in Health Care (2002)2002Details
P. Giorgini; F. Massacci; J. Mylopoulos; N. ZannoneModeling Social and Individual Trust in Requirements Engineering Methodologies.Third International Conference on Trust Management (iTrust 2005)2005Details
P. Giorgini; F. Massacci; J. Mylopoulos; N. ZannoneModeling Security Requirements Through Ownership, Permission and Delegation.13th IEEE International Requirements Engineering Conference (RE'05)2005DownloadDetails
P. Giorgini; H. Mouratidis; M. WeissModeling Secure Systems Using An Agent-Oriented Approach and Security Patterns.International Journal of Software Engineering and Knowledge Engineering (IJSEKE)2005Details
P. Giorgini; G. Manson; H. MouratidisIntegrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems.15th Conference On Advanced Information Systems Engineering (CAiSE*03)2003Details
P. Giorgini; H. Mouratidis; M. WeissIntegrating Patterns and Agent-Oriented Methodologies to Provide Better Solutions for the Development of Secure Agent Systems.Workshop on Expressiveness of Pattern Languages 2003, at ChiliPLoP (2003)2003DownloadDetails
Asnar, Y.; Giorgini, P.; Massacci, F.; Zannone, N.From Trust to Dependability through Risk Analysis.Second International Conference on Availability, Reliability and Security (AReS 2007)2007DownloadDetails
S. Troesterer and E. Beck and F. Dalpiaz and E. Paja and P. Giorgini and M. TscheligiFormative User-Centered Evaluation of Security Modeling: Results from a Case StudyInternational Journal of Secure Software Engineering2012DownloadDetails
P. Giorgini; F. Massacci; J. Mylopoulos; N. ZannoneFilling the gap between Requirements Engineering and Public Key/Trust Management Infrastructures.1st European PKI Workshop: Research and Applications (1st EuroPKI)2004DownloadDetails
Bryl, V.; Dalpiaz, F.; Ferrario, R.; Mattioli, A.; Villafiorita, A.Evaluating Procedural Alternatives: a Case Study in e-Voting.Electronic Government, an International Journal2009DownloadDetails
Bryl, V.; Dalpiaz, F.; Ferrario, R.; Mattioli, A.; Villafiorita, A.Evaluating Procedural Alternatives. A Case Study in E-Voting.1st International Conference on Methodologies, Technologies and Tools enabling e-Government (MeTTeG'07)2007DownloadDetails
Bryl, V.; Massacci, F.; Mylopoulos, J.; Zannone, N.Designing Security Requirements Models through Planning.18th Conference on Advanced Information Systems Engineering (CAiSE'06)2006DownloadDetails
A. Gani; P. Giorgini; G. Manson; H. MouratidisAnalysing Security Requirements of Information Systems Using Tropos.International Conference on Enterprise Information Systems2003Details
P. Giorgini; H. MouratidisAnalysing Security in Information Systems.Second International Workshop on Security In Information Systems (WOSIS-2004)2004Details
P. Giorgini; G. Manson; H. MouratidisAn Ontology for Modelling Security: The Tropos Approach.KES 2003 Invited Session Ontology and Multi-Agent Systems Design (OMASD'03)2003DownloadDetails
P. Giorgini; G. Manson; H. Mouratidis; I. PhilpA Natural Extension of Tropos Methodology for Modelling Security.Workshop on Agent-oriented methodologies, at OOPSLA 20022002DownloadDetails

 

Back to top