Security requirements engineering via commitments

Dalpiaz, Fabiano; Paja, Elda; Giorgini, Paolo
2011-01-01

Abstract

Security Requirements Engineering (SRE) is concerned with the elicitation of security needs and the specification of security requirements of the system-to-be. Current approaches to SRE either express stakeholders' needs via high-level organisational abstractions that are hard to map to system design, or specify only technical security requirements. In this paper, we introduce SecCo, an SRE framework that starts with goal-oriented modelling of the security needs and derives security requirements from such needs. Importantly, SecCo relates security requirements to the interaction among actors. Security requirements are specified as social commitments - promises with contractual validity from one actor to another - that define constraints on the way actors can interact. These commitments shall be implemented by the system-to-be.
2011
Proc. of the 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST 2011)
USA
IEEE
9781457711824
Files in this item:
File Size Format
stast11.pdf

Archive managers only

Type: Publisher's version (Publisher's layout)
License: All rights reserved
Size 249.52 kB
Format Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11572/89838
Citations
  • Scopus 37