Personal data have become a central asset for multiple enterprise applications and online services offered by private companies, public organisations or a combination of both. The sensitivity of such data and the continuously growing legislation that accompanies their management dictate the development of methods that allow the development of more secure, trustworthy software systems with focus on privacy protection. The contribution of this paper is the definition of a novel requirements engineering method that supports both early and late requirements specification, giving emphasis on security, privacy and trust. The novelty of our work is that it provides the means for software designers and security experts to analyse the system-to-be from multiple aspects, starting from identifying high-level goals to the definition of business process composition, and elicitation of mechanisms to fortify the system from external threats. The method is supported by two CASE tools. To demonstrate the applicability and usefulness of our work, the paper shows its applications to a real-world case study.
Modelling the interplay of security, privacy and trust in sociotechnical systems: a computer-aided design approach / Salnitri, Mattia; Angelopoulos, Konstantinos; Pavlidis, Michalis; Diamantopoulou, Vasiliki; Mouratidis, Haralambos; Giorgini, Paolo. - In: SOFTWARE AND SYSTEMS MODELING. - ISSN 1619-1366. - 19:2(2020), pp. 467-491. [10.1007/s10270-019-00744-x]
Modelling the interplay of security, privacy and trust in sociotechnical systems: a computer-aided design approach
Salnitri, Mattia;Angelopoulos, Konstantinos;Giorgini, Paolo
2020-01-01
Abstract
Personal data have become a central asset for multiple enterprise applications and online services offered by private companies, public organisations or a combination of both. The sensitivity of such data and the continuously growing legislation that accompanies their management dictate the development of methods that allow the development of more secure, trustworthy software systems with focus on privacy protection. The contribution of this paper is the definition of a novel requirements engineering method that supports both early and late requirements specification, giving emphasis on security, privacy and trust. The novelty of our work is that it provides the means for software designers and security experts to analyse the system-to-be from multiple aspects, starting from identifying high-level goals to the definition of business process composition, and elicitation of mechanisms to fortify the system from external threats. The method is supported by two CASE tools. To demonstrate the applicability and usefulness of our work, the paper shows its applications to a real-world case study.File | Dimensione | Formato | |
---|---|---|---|
Salnitri2020_Article_ModellingTheInterplayOfSecurit.pdf
Solo gestori archivio
Tipologia:
Versione editoriale (Publisher’s layout)
Licenza:
Tutti i diritti riservati (All rights reserved)
Dimensione
4.59 MB
Formato
Adobe PDF
|
4.59 MB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione