Computer Security is one of today's hot topic and the need for conceptual models of security features have brought up a number of proposals ranging from UML extensions to novel conceptual mod- els. What is still missing, however, are models that focus on high-level security requirements, without forcing the modeler to immediately get down to security mechanisms. The modeling process itself should make it clear why encryption, authentication or access control are necessary, and what are the tradeos, if they are selected. In this paper we show that the i*/Tropos framework lacks the ability to capture these essential features and needs to be augmented. To motivate our proposal, we build upon a substantial case study {the modeling of the Secure Electronic Transactions e-commerce suites by VISA and MasterCard {to identify missing modeling features. In a nutshell, the key missing concept is the separation of the notion of oering a service (of a handling data, performing a task or fullling a goal) and ownership of the very same service. This separation is what makes security essential. The ability of the methodology to model a clear dependency relation between those oering a service (the merchant processing a credit card number), those requesting the service (the bank debiting the payment), and those owning the very same data (the cardholder), make security solutions emerge as a natural consequence of the modeling process.

Requirement Engineering meets Security: A Case Study on Modelling Secure Electronic Transactions by VISA and Mastercard / Massacci, Fabio; Mylopoulos, John; Giorgini, Paolo. - ELETTRONICO. - (2003).

Requirement Engineering meets Security: A Case Study on Modelling Secure Electronic Transactions by VISA and Mastercard

Massacci, Fabio;Mylopoulos, John;Giorgini, Paolo
2003-01-01

Abstract

Computer Security is one of today's hot topic and the need for conceptual models of security features have brought up a number of proposals ranging from UML extensions to novel conceptual mod- els. What is still missing, however, are models that focus on high-level security requirements, without forcing the modeler to immediately get down to security mechanisms. The modeling process itself should make it clear why encryption, authentication or access control are necessary, and what are the tradeos, if they are selected. In this paper we show that the i*/Tropos framework lacks the ability to capture these essential features and needs to be augmented. To motivate our proposal, we build upon a substantial case study {the modeling of the Secure Electronic Transactions e-commerce suites by VISA and MasterCard {to identify missing modeling features. In a nutshell, the key missing concept is the separation of the notion of oering a service (of a handling data, performing a task or fullling a goal) and ownership of the very same service. This separation is what makes security essential. The ability of the methodology to model a clear dependency relation between those oering a service (the merchant processing a credit card number), those requesting the service (the bank debiting the payment), and those owning the very same data (the cardholder), make security solutions emerge as a natural consequence of the modeling process.
2003
Trento, Italia
Università degli Studi di Trento. DEPARTMENT OF INFORMATION AND COMMUNICATION TECHNOLOGY
Requirement Engineering meets Security: A Case Study on Modelling Secure Electronic Transactions by VISA and Mastercard / Massacci, Fabio; Mylopoulos, John; Giorgini, Paolo. - ELETTRONICO. - (2003).
Massacci, Fabio; Mylopoulos, John; Giorgini, Paolo
File in questo prodotto:
File Dimensione Formato  
027.pdf

accesso aperto

Tipologia: Versione editoriale (Publisher’s layout)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 456.13 kB
Formato Adobe PDF
456.13 kB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/358786
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact