Requirement Engineering Meets Security: A Case Study on Modelling Secure Electronic Transactions by VISA and Mastercard

Computer Security is one of today's hot topic and the need for conceptual models of security features have brought up a number of proposals ranging from UML extensions to novel conceptual models. What is still missing, however, are models that focus on high-level security requirements, without forcing the modeler to immediately get down to security mechanisms. The modeling process itself should make it clear why encryption, authentication or access control are necessary, and what are the tradeoffs, if they are selected. In this paper we show that the i*/Tropos framework lacks the ability to capture these essential features and needs to be augmented. To motivate our proposal, we build upon a substantial case study - the modeling of the Secure Electronic Transactions e-commerce suites by VISA and MasterCard - to identify missing modeling features. In a nutshell, the key missing concept is the separation of the notion of offering a service (of a handling data, performing a task or fulfill...