Security Requirements Engineering via Commitments

IRIS

Security Requirements Engineering (SRE) is concerned with the identification of security needs and the specification of security requirements of the system-to-be. Mainstream approaches to SRE either focus on technical security mechanisms or suggest high-level organizational abstractions that are hard to map to the actual design. Social commitments are a simple yet powerful abstraction to model social interactions and can be used effectively to specify security requirements. In this paper, we build on our previous work proposing a novel goal-oriented modelling language called SecCo—Security via Commitments—where the concept of social commitment between social and technical actors is adopted to specify security requirements. Commitments enable the development of robust applications, wherein security needs are satisfied by assigning contractual validity to interactions.

Security Requirements Engineering via Commitments / Dalpiaz, Fabiano; Paja, Elda; Giorgini, Paolo. - ELETTRONICO. - (2011).

Security Requirements Engineering via Commitments

Dalpiaz, Fabiano^Primo;Paja, Elda^Secondo;Giorgini, Paolo^Ultimo

2011-01-01

Abstract

Security Requirements Engineering (SRE) is concerned with the identification of security needs and the specification of security requirements of the system-to-be. Mainstream approaches to SRE either focus on technical security mechanisms or suggest high-level organizational abstractions that are hard to map to the actual design. Social commitments are a simple yet powerful abstraction to model social interactions and can be used effectively to specify security requirements. In this paper, we build on our previous work proposing a novel goal-oriented modelling language called SecCo—Security via Commitments—where the concept of social commitment between social and technical actors is adopted to specify security requirements. Commitments enable the development of robust applications, wherein security needs are satisfied by assigning contractual validity to interactions.

Scheda breve

Scheda completa

Scheda completa (DC)

	Anno di pubblicazione (Date of publication)
	
			2011
		
	Luogo di edizione (Place of publication)
	
			Trento
		
	Casa editrice (Publisher)
	
			Università degli Studi di Trento, Dipartimento di Ingegneria e Scienza dell'Informazione
		
	Citazione
	
			Security Requirements Engineering via Commitments / Dalpiaz, Fabiano; Paja, Elda; Giorgini, Paolo. - ELETTRONICO. - (2011).
		
	Tutti gli autori
	
			Dalpiaz, Fabiano; Paja, Elda; Giorgini, Paolo
		
	Appare nelle tipologie:
	
			07.2 Altre pubblicazioni (Other types of publications)

File in questo prodotto:

File	Dimensione	Formato
SecCo-Tech-Report.pdf accesso aperto Tipologia: Versione editoriale (Publisher’s layout) Licenza: Tutti i diritti riservati (All rights reserved) Dimensione 503.09 kB Formato Adobe PDF Visualizza/Apri	503.09 kB	Adobe PDF	Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/359545

Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni

ND

ND

ND

social impact