Security Requirements Engineering (SRE) is concerned with detect- ing and analysing security issues early in the software development process. Some variants of i; start since early requirements and rely on modelling actors and their dependencies. Though useful for traditional information systems devel- opment, these approaches adopt a bird's eye perspective that is inadequate for service-oriented applications, in which multiple autonomous and heterogeneous agents interact to achieve their own strategic interests. In this paper we present SecCo (Security via Commitments), a novel SRE frame- work expressly thought for service-oriented settings. The key intuition is to relate security requirements to interaction. In order to do so, we specify security re- quirements in terms of social commitments, promises with contractual validity between agents. These commitments describe the security properties the service provider commits to ensure to the consumer while delivering the service.

Security Requirements Engineering for Service-Oriented Applications

Dalpiaz, Fabiano;Paja, Elda;Giorgini, Paolo
2011-01-01

Abstract

Security Requirements Engineering (SRE) is concerned with detect- ing and analysing security issues early in the software development process. Some variants of i; start since early requirements and rely on modelling actors and their dependencies. Though useful for traditional information systems devel- opment, these approaches adopt a bird's eye perspective that is inadequate for service-oriented applications, in which multiple autonomous and heterogeneous agents interact to achieve their own strategic interests. In this paper we present SecCo (Security via Commitments), a novel SRE frame- work expressly thought for service-oriented settings. The key intuition is to relate security requirements to interaction. In order to do so, we specify security re- quirements in terms of social commitments, promises with contractual validity between agents. These commitments describe the security properties the service provider commits to ensure to the consumer while delivering the service.
2011
Proceedings of the Fifth International i* Workshop
Aachen, Germany
CEUR
Dalpiaz, Fabiano; Paja, Elda; Giorgini, Paolo
File in questo prodotto:
File Dimensione Formato  
istar11-a.pdf

Solo gestori archivio

Tipologia: Versione editoriale (Publisher’s layout)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 114.02 kB
Formato Adobe PDF
114.02 kB Adobe PDF   Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/89649
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? ND
social impact