Title :
Security requirements engineering via commitments
Author :
Dalpiaz, Fabiano ; Paja, Elda ; Giorgini, Paolo
Author_Institution :
Dept. of Inf. Eng. & Comput. Sci., Univ. of Trento, Trento, Italy
Abstract :
Security Requirements Engineering (SRE) is concerned with the elicitation of security needs and the specification of security requirements of the system-to-be. Current approaches to SRE either express stakeholders' needs via high-level organisational abstractions that are hard to map to system design, or specify only technical security requirements. In this paper, we introduce SecCo, an SRE framework that starts with goal-oriented modelling of the security needs and derives security requirements from such needs. Importantly, SecCo relates security requirements to the interaction among actors. Security requirements are specified as social commitments - promises with contractual validity from one actor to another - that define constraints on the way actors can interact. These commitments shall be implemented by the system-to-be.
Keywords :
security of data; systems analysis; SecCo; commitments; contractual validity; goal oriented modelling; high level organisational abstractions; security requirements engineering; technical security requirements; Authorization; Concrete; Educational institutions; Information systems; Production; Redundancy; Commitments; Goal models; Security requirements;
Conference_Title :
Socio-Technical Aspects in Security and Trust (STAST), 2011 1st Workshop on
Conference_Location :
Milan
Print_ISBN :
978-1-4577-1182-4
DOI :
10.1109/STAST.2011.6059249