Modeling Security Requirements Through Ownership, Permission and Delegation

Giorgini, Paolo and Massacci, Fabio and Mylopoulos, John and Zannone, Nicola (2005) Modeling Security Requirements Through Ownership, Permission and Delegation. UNSPECIFIED. (Unpublished)

Download (338Kb) | Preview


    Security Requirements Engineering is emerging as a branch of Software Engineering, spurred by the realization that security must be dealt with early on during the requirements phase. Methodologies in this field are challenging, as they must take into account subtle notions such as trust (or lack thereof), delegation, and permission; they must also model entire organizations and not only systems-to-be. In our previous work we introduced Secure Tropos, a formal framework for modeling and analyzing security requirements. Secure Tropos is founded on three main notions: ownership, trust, and delegation. In this paper we refine Secure Tropos introducing the notions of at-least delegation and trust of execution; also, at-most delegation and trust of permission. We also propose monitoring as a security design pattern intended to overcome the problem of lack of trust between actors. The paper presents a semantics for these notions, and describes an implemented formal reasoning tool based on Datalog.

    Item Type: Departmental Technical Report
    Department or Research center: Information Engineering and Computer Science
    Subjects: Q Science > QA Mathematics > QA075 Electronic computers. Computer science
    Report Number: DIT-05-054
    Repository staff approval on: 15 Jul 2005

    Actions (login required)

    View Item