Identifying Conflicts in Security Requirements with STS-ml / Paja, Elda; Giorgini, Paolo; Dalpiaz, Fabiano. - Electronic. - (2012), pp. 1-28.

Identifying Conflicts in Security Requirements with STS-ml

Paja, Elda (first author); Giorgini, Paolo (last author); Dalpiaz, Fabiano (second author)

2012-01-01

Abstract

Requirements are conflicting when there exists no system that satisfies them all. Conflicts often originate from clashing needs of different stakeholders. Security requirements are no exception to the rule; moreover, their violation leads to severe consequences, such as privacy infringement, which, in many countries, implies burdensome monetary sanctions. In large (security) requirements models, conflicts are hard or impossible to identify manually. In these cases, automated reasoning is necessary. In this paper, we propose a reasoning framework to detect conflicting security requirements as well as conflicts between security requirements and business policies. Our framework formalises the STS-ml requirements modelling language for socio-technical systems. These systems consist of mutually interdependent humans, organisations, and software. In addition to presenting the framework, we apply it to a case study about e-Government, and we report on promising scalability results of our implementation.
2012
Trento
Università degli Studi di Trento, Dipartimento di Ingegneria e Scienza dell'Informazione
Files in this item:
File: tr-identifying-sec-conflicts.pdf
Access: open access
Type: Publisher's layout
License: All rights reserved
Size: 2.67 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11572/359368