Secure Tropos: A Security-Oriented Extension of the Tropos Methodology

Mouratidis, Haralambos; Giorgini, Paolo

doi:10.1142/s0218194007003240

Cited by 315 publications

(252 citation statements)

References 33 publications

(66 reference statements)

Supporting

Mentioning

246

Contrasting

Unclassified

Order By: Relevance

“…The majority considers privacy as a security constraint. For example, Secure Tropos an extension of Tropos methodology proposed in [3] employs the concepts of security constraint, and secure dependency in order to model and analyze security issues during the requirements engineering phase. Similarly, the SecReq approach introduced in [4] describes a systematic approach to derive security requirements from system security objectives.…”

Section: Related Workmentioning

confidence: 99%

“…A cloud vendor may rely on other provider's subcontractor services in order to offer its services. That should not be an obstacle for users to intervene 3 with their data in case they suspects that their privacy is violated by the subcontractors. In fact cloud vendors must be able to provide all the technical, organizational and contractual means for accomplishing this functionality for the user including all respective subcontractors that the vendor cooperates and interrelates [20].…”

Section: Intervenabilitymentioning

confidence: 99%

“…That means that for several reasons, that are stated inside the contract between the cloud provider and the client, the data remain at rest after the clients deletion request for some time and are strictly accessed form specific personnel and only for certain purposes. 3 Intervention in this context includes access, rectification, erasure, blocking and objection…”

Section: Intervenabilitymentioning

confidence: 99%

“…The result of this process might be expressed in terms of a secure Tropos reference model (see [3]), as shown in Figure 2. This model is constructed during the initial stages of the system development and can be used later in the development process to identify privacy requirements that must be introduced to the system-to-be (by taking into account the privacy needs of the system) and also to identify possible means (implementation techniques) that contribute towards the satisfaction of the privacy requirements that are introduced to the system.…”

Section: Define Privacy Needsmentioning

confidence: 99%

See 3 more Smart Citations

Privacy as an Integral Part of the Implementation of Cloud Solutions

Kavakli

Kalloniatis

Mouratidis

et al. 2014

The Computer Journal

Self Cite

View full text Add to dashboard Cite

Bridging the gap between design and implementation stages has been a major concern of designers, analysts and developers of information systems and a major aspiration of a number of Information System (IS) engineering approaches. Cloud computing exacerbates the strain on traditional IS engineering approaches that service-oriented computing has started. At the same time, recent research has argued about the importance of security and privacy in a cloud environment and highlighted a number of security and privacy challenges that are not present in traditional environments and need special attention when implementing or migrating information systems into a cloud environment. This paper contributes to this direction. Specifically, it presents a number of privacy-related cloud properties that analysts need to consider when designing privacy-aware systems in a cloud environment. Also it indicates a number of implementation techniques that can assist developers in assuring the respective properties.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Intervenabilitymentioning

confidence: 99%

Section: Intervenabilitymentioning

confidence: 99%

Section: Define Privacy Needsmentioning

confidence: 99%

See 2 more Smart Citations

Privacy as an Integral Part of the Implementation of Cloud Solutions

Kavakli

Kalloniatis

Mouratidis

et al. 2014

The Computer Journal

Self Cite

View full text Add to dashboard Cite

show abstract

“…Several RE researchers suggested concepts for capturing trust relationships (e.g. [15]), but no previous work according to our knowledge, has studied the role of trust in enhancing information integrity. In this paper, we discuss the effect of trust over goal and permission delegation, since it represents the mental counter-part of delegation [9].…”

Section: Critical Information and Critical Goalmentioning

confidence: 99%

Modeling and Analyzing Information Integrity in Safety Critical Systems

Gharib

Giorgini

2013

Lecture Notes in Business Information Processing

Self Cite

View full text Add to dashboard Cite

Abstract. In safety critical systems one important aspect of information quality is ensuring information integrity. Typically, information integrity is a problem handled at technical level through solutions such as checksumming, integrity constraints, and integrity correction techniques. However, information integrity cannot be considered only as a technical problem, but it has to be analyzed and studied in the social-technical context of the system. Business processes and relations among all involved actors may also affect correctness and consistency of the information. In this paper, we propose an extended version of i*/Tropos modeling language to capture and analyze information integrity requirements. We illustrate the Datalog formalization of the proposed concepts and analysis techniques to support the analyst in the verification of integrity related properties. A case study concerning Air Traffic Management (ATM) is used throughout the paper.

show abstract

MagicNET: mobile agents data protection system

Shibli

Masood

Ghazi

et al. 2013

Trans. Emerging Tel. Tech.

View full text Add to dashboard Cite

Literature study and analysis on mobile agents reveal many challenging and uncovered aspects that still do not have comprehensive solutions. Despite the fact that significant research has been carried out on mobile agents, it is still not widely adopted by industry and research community because of the immaturity of various technical aspects of agent paradigm. One of the main reasons that limits the scope of the potential applications of mobile agents is the lack of reliable security solutions for mobile agents' code and their baggage. The protection of mobile agents' codes has been solved by the research community to some extent; however, there is not even a single solution that provides complete protection and access control mechanism for agents' code and their baggage (data being accumulated/ carried by agent during execution). Most of the existing solutions such as execution tracing, code obfuscation, encrypted code execution and partial result encapsulation mainly cover security threats of mobile agents' code. In this paper, we present a security solution to overcome the security threats on traditional mobile agents computing paradigm. Our proposed solution is one step ahead of extant solutions in that it provides complete protection and enforces access control on agents' complex baggage structure. We have extended our previous work that was limited to the protection of agents and the agent platforms only. Our approach provides holistic access control mechanism between users and agents, agents and agent platform resources and platform and agents baggage. By adopting the proposed solution in the mobile agent-oriented software engineering, secure and complex mobile agent-based applications can be developed, which will greatly benefit the software industry.

show abstract

Secure Tropos: A Security-Oriented Extension of the Tropos Methodology

Cited by 315 publications

References 33 publications

Privacy as an Integral Part of the Implementation of Cloud Solutions

Privacy as an Integral Part of the Implementation of Cloud Solutions

Modeling and Analyzing Information Integrity in Safety Critical Systems

MagicNET: mobile agents data protection system

Contact Info

Product

Resources

About