When we model and analyze trust in organizations or information systems we have to take into account two different levels of analysis: social and individual. Social levels define the structure of organizations, whereas individual levels focus on individual agents. This is particularly important when capturing security requirements where a "normally" trusted organizational role can be played by an untrusted individual. Our goal is to model and analyze the two levels finding the link between them and supporting the automatic detection of conflicts that can come up when agents play roles in the organization. We also propose a formal framework that allows for the automatic verification of security requirements between the two levels by using Datalog and has been implemented in CASE tool. © Springer-Verlag Berlin Heidelberg 2005.
Modeling Social and Individual Trust in Requirements Engineering Methodologies
Giorgini, Paolo;Massacci, Fabio;Mylopoulos, Ioannis;Zannone, Nicola
2005-01-01
Abstract
When we model and analyze trust in organizations or information systems we have to take into account two different levels of analysis: social and individual. Social levels define the structure of organizations, whereas individual levels focus on individual agents. This is particularly important when capturing security requirements where a "normally" trusted organizational role can be played by an untrusted individual. Our goal is to model and analyze the two levels finding the link between them and supporting the automatic detection of conflicts that can come up when agents play roles in the organization. We also propose a formal framework that allows for the automatic verification of security requirements between the two levels by using Datalog and has been implemented in CASE tool. © Springer-Verlag Berlin Heidelberg 2005.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione
