Personal data have become a central asset for multiple enterprise applications and online services offered by private companies, public organisations or a combination of both. The sensitivity of such data and the continuously growing legislation that accompanies their management call for methods that support the development of more secure, trustworthy software systems with a focus on privacy protection. The contribution of this paper is the definition of a novel requirements engineering method that supports both early and late requirements specification, with emphasis on security, privacy and trust. The novelty of our work is that it provides the means for software designers and security experts to analyse the system-to-be from multiple aspects, from identifying high-level goals to defining business process composition and eliciting mechanisms to fortify the system against external threats. The method is supported by two CASE tools. To demonstrate the applicability and usefulness of our work, the paper shows its application to a real-world case study.

Modelling the interplay of security, privacy and trust in sociotechnical systems: a computer-aided design approach / Salnitri, Mattia; Angelopoulos, Konstantinos; Pavlidis, Michalis; Diamantopoulou, Vasiliki; Mouratidis, Haralambos; Giorgini, Paolo. - In: SOFTWARE AND SYSTEMS MODELING. - ISSN 1619-1366. - 19:2(2020), pp. 467-491. [10.1007/s10270-019-00744-x]

Modelling the interplay of security, privacy and trust in sociotechnical systems: a computer-aided design approach

Salnitri, Mattia; Angelopoulos, Konstantinos; Giorgini, Paolo
2020-01-01

Files in this item:
Salnitri2020_Article_ModellingTheInterplayOfSecurit.pdf

Archive managers only

Type: Publisher's version (Publisher's layout)
License: All rights reserved
Size: 4.59 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11572/291772
Citations
  • PMC: ND
  • Scopus: 9
  • ISI: 8