The last years have seen a major interest in designing and deploying trust management and public key infrastructures. Yet, it is still far from clear how one can pass from the organization and system requirements to the actual credentials and attribution of permissions in the PKI infrastructure. Our goal in this paper is filling this gap. We propose a formal framework for modeling and analyzing security and trust requirements, that extends the Tropos methodology for early requirements modeling. The key intuition that underlies our work is the identification of distinct roles for actors that manipulate resources, accomplish goals or execute tasks, and actors that own or permit usage of resources or goals. The paper also presents a simple case study and a PKI/trust management implementation.

Filling the gap between Requirements Engineering and Public Key/Trust Management Infrastructures / Massacci, Fabio; Mylopoulos, John; Giorgini, Paolo; Zannone, Nicola. - ELETTRONICO. - (2004).

Filling the gap between Requirements Engineering and Public Key/Trust Management Infrastructures

Massacci, Fabio;Mylopoulos, John;Giorgini, Paolo;Zannone, Nicola
2004-01-01

Abstract

The last years have seen a major interest in designing and deploying trust management and public key infrastructures. Yet, it is still far from clear how one can pass from the organization and system requirements to the actual credentials and attribution of permissions in the PKI infrastructure. Our goal in this paper is filling this gap. We propose a formal framework for modeling and analyzing security and trust requirements, that extends the Tropos methodology for early requirements modeling. The key intuition that underlies our work is the identification of distinct roles for actors that manipulate resources, accomplish goals or execute tasks, and actors that own or permit usage of resources or goals. The paper also presents a simple case study and a PKI/trust management implementation.
2004
Trento, Italia
Università degli Studi di Trento. DEPARTMENT OF INFORMATION AND COMMUNICATION TECHNOLOGY
Filling the gap between Requirements Engineering and Public Key/Trust Management Infrastructures / Massacci, Fabio; Mylopoulos, John; Giorgini, Paolo; Zannone, Nicola. - ELETTRONICO. - (2004).
Massacci, Fabio; Mylopoulos, John; Giorgini, Paolo; Zannone, Nicola
File in questo prodotto:
File Dimensione Formato  
085.pdf

accesso aperto

Tipologia: Versione editoriale (Publisher’s layout)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 450.22 kB
Formato Adobe PDF
450.22 kB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/359186
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact