{"title":"Security requirements engineering via commitments","authors":"F. Dalpiaz, E. Paja, P. Giorgini","doi":"10.1109/STAST.2011.6059249","DOIUrl":null,"url":null,"abstract":"Security Requirements Engineering (SRE) is concerned with the elicitation of security needs and the specification of security requirements of the system-to-be. Current approaches to SRE either express stakeholders' needs via high-level organisational abstractions that are hard to map to system design, or specify only technical security requirements. In this paper, we introduce SecCo, an SRE framework that starts with goal-oriented modelling of the security needs and derives security requirements from such needs. Importantly, SecCo relates security requirements to the interaction among actors. Security requirements are specified as social commitments — promises with contractual validity from one actor to another — that define constraints on the way actors can interact. These commitments shall be implemented by the system-to-be.","PeriodicalId":293851,"journal":{"name":"2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST)","volume":"36 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"49","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/STAST.2011.6059249","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 49
Abstract
Security Requirements Engineering (SRE) is concerned with the elicitation of security needs and the specification of security requirements of the system-to-be. Current approaches to SRE either express stakeholders' needs via high-level organisational abstractions that are hard to map to system design, or specify only technical security requirements. In this paper, we introduce SecCo, an SRE framework that starts with goal-oriented modelling of the security needs and derives security requirements from such needs. Importantly, SecCo relates security requirements to the interaction among actors. Security requirements are specified as social commitments — promises with contractual validity from one actor to another — that define constraints on the way actors can interact. These commitments shall be implemented by the system-to-be.