Enhancing Secure Tropos to Effectively Deal with Security Requirements in the Development of Multiagent Systems

Mouratidis, Haralambos; Giorgini, Paolo

doi:10.1007/978-3-642-04879-1_2

Cited by 16 publications

(16 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…There are four different abstraction layers defined that describe different stages of requirements and layers of design. Secure Tropos [8] is an extension to the original Tropos methodology by adding security constraints and secure entities as well as the concepts of ownership, trust and dependency. The Secure Tropos methodology does not allow the designer to model any OWASP TOP 10 threat directly within the model, still there are some software solutions, like ScTro 2 , that support the software engineer during the design and requirements analysis phase.…”

Section: Goal Driven Approachesmentioning

confidence: 99%

Using Model Driven Security Approaches in Web Application Development

Hochreiner

Kieseberg

et al. 2014

Information and Communication Technology

View full text Add to dashboard Cite

Abstract. With the rise of Model Driven Engineering (MDE) as a software development methodology, which increases productivity and, supported by powerful code generation tools, allows a less error-prone implementation process, the idea of modeling security aspects during the design phase of the software development process was first suggested by the research community almost a decade ago. While various approaches for Model Driven Security (MDS) have been proposed during the years, it is still unclear, how these concepts compare to each other and whether they can improve the security of software projects. In this paper, we provide an evaluation of current MDS approaches based on a simple web application scenario and discuss the strengths and limitations of the various techniques, as well as the practicability of MDS for web application security in general.

show abstract

Section: Goal Driven Approachesmentioning

confidence: 99%

Using Model Driven Security Approaches in Web Application Development

Hochreiner

Kieseberg

et al. 2014

Information and Communication Technology

View full text Add to dashboard Cite

show abstract

“…There exist two extensions of Tropos called Secure Tropos: one by Mouratidis et al [60][61][62], and another one by Massacci et al [63]. Furthermore, there exists an extension of the i * -modeling framework called Secure i • Security constraint: A security constraint is defined as ''a restriction related to security issues, such as privacy, integrity and availability, which can influence the analysis and design of a multiagent system under development by restricting some alternative design solutions, by conflicting with some of the requirements of the system, or by refining some of the system's objectives.''…”

Section: Secure I * and Secure Troposmentioning

confidence: 99%

A comparison of security requirements engineering methods

et al. 2009

View full text Add to dashboard Cite

This paper presents a conceptual framework for security engineering, with a strong focus on security requirements elicitation and analysis. This conceptual framework establishes a clear-cut vocabulary and makes explicit the interrelations between the different concepts and notions used in security engineering. Further, we apply our conceptual framework to compare and evaluate current security requirements engineering approaches, such as the Common Criteria, Secure Tropos, SREP, MSRA, as well as methods based on UML and problem frames. We review these methods and assess them according to different criteria, such as the general approach and scope of the method, its validation, and quality assurance capabilities. Finally, we discuss how these methods are related to the conceptual framework and to one another.

show abstract

“…7) is the actor's knowledge of the world. All these constructs are present in both Tropos [23] [24] and Secure Tropos [9], [21], [22]. In addition Secure TROPOS introduces Security constraint and Threat.…”

Section: Secure Troposmentioning

confidence: 99%

“…A security constraint represents a restriction related to security that the system must have and actors must respect (see Fig. 3) [5] [21]. A threat (see Fig.…”

Section: Secure Troposmentioning

confidence: 99%

“…Secure dependency introduces security constraint(s) that must be respected by actors for the dependency to be satisfied [25]. This means that "the depender expects from the dependee to satisfy the security constraint(s) and also that the dependee will make effort to deliver the dependum by satisfying the security constraint(s)" [21]. The goal model allows a deeper understanding of actors' reasoning about goals to be fulfilled, plans to be performed and available resources [24].…”

Section: Secure Troposmentioning

confidence: 99%

See 1 more Smart Citation

Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development

Matulevičius

Mayer

Mouratidis

et al. 2008

Notes on Numerical Fluid Mechanics and Multidisciplinary Design

View full text Add to dashboard Cite

Abstract. Security is a major target for todays information systems (IS) designers. Security modelling languages exist to reasoning on security in the early phases of IS development, when the most crucial design decisions are made. Reasoning on security involves analysing risk, and effectively communicating risk-related information. However, we think that current languages can be improved in this respect. In this paper, we discuss this issue for Secure Tropos, the language supporting the eponymous agent-based IS development methodology. We analyse it and suggest improvements in the light of an existing reference model for IS security risk management. This allows checking of Secure Tropos concepts and terminology against those of current risk management standards, thereby improving the conceptual appropriateness of the language. The paper follows a running example, called eSAP, located in the healthcare domain.

show abstract

Enhancing Secure Tropos to Effectively Deal with Security Requirements in the Development of Multiagent Systems

Cited by 16 publications

References 10 publications

Using Model Driven Security Approaches in Web Application Development

Using Model Driven Security Approaches in Web Application Development

A comparison of security requirements engineering methods

Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development

Contact Info

Product

Resources

About