Requirements Engineering meets Trust Management: Model, Methodology, and Reasoning

Giorgini, Paolo and Massacci, Fabio and Mylopoulos, John and Zannone, Nicola (2004) Requirements Engineering meets Trust Management: Model, Methodology, and Reasoning. UNSPECIFIED. (Unpublished)

Download (578Kb) | Preview


    The last years have seen a number of proposals to incorporate Security Engineering into mainstream Software Requirements Engineering. However, capturing trust and security requirements at an organizational level (as opposed to a design level) is still an open problem. This paper presents a formal framework for modeling and analyzing security and trust requirements. It extends the Tropos methodology, an agent-oriented software engineering methodology. The key intuition is that in modeling security and trust, we need to distinguish between the actors that manipulate resources, accomplish goals or execute tasks, and actors that own the resources or the goals. To analyze an organization and its information systems, we proceed in two steps. First, we built a trust model, determining the trust relationships among actors, and then we give a functional model, where we analyze the actual delegations against the trust model, checking whether an actor that offers a service is authorized to have it. The formal framework allows for the automatic verification of security and trust requirements by using a suitable delegation logic that can be mechanized within Datalog. To make the discussion more concrete, we illustrate the proposal with a Health Care case study.

    Item Type: Departmental Technical Report
    Department or Research center: Information Engineering and Computer Science
    Subjects: Q Science > QA Mathematics > QA076 Computer software
    Uncontrolled Keywords: Requirements Engineering for Security and Trust, Agent-Oriented Technologies, Security Engineering, Trust Models for Modeling Business and Organizations
    Report Number: DIT-04-016
    Repository staff approval on: 03 Mar 2004

    Actions (login required)

    View Item