通过承诺进行安全需求工程

2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST) Pub Date : 2011-11-18 DOI:10.1109/STAST.2011.6059249

F. Dalpiaz, E. Paja, P. Giorgini

{"title":"通过承诺进行安全需求工程","authors":"F. Dalpiaz, E. Paja, P. Giorgini","doi":"10.1109/STAST.2011.6059249","DOIUrl":null,"url":null,"abstract":"Security Requirements Engineering (SRE) is concerned with the elicitation of security needs and the specification of security requirements of the system-to-be. Current approaches to SRE either express stakeholders' needs via high-level organisational abstractions that are hard to map to system design, or specify only technical security requirements. In this paper, we introduce SecCo, an SRE framework that starts with goal-oriented modelling of the security needs and derives security requirements from such needs. Importantly, SecCo relates security requirements to the interaction among actors. Security requirements are specified as social commitments — promises with contractual validity from one actor to another — that define constraints on the way actors can interact. These commitments shall be implemented by the system-to-be.","PeriodicalId":293851,"journal":{"name":"2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST)","volume":"36 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"49","resultStr":"{\"title\":\"Security requirements engineering via commitments\",\"authors\":\"F. Dalpiaz, E. Paja, P. Giorgini\",\"doi\":\"10.1109/STAST.2011.6059249\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Security Requirements Engineering (SRE) is concerned with the elicitation of security needs and the specification of security requirements of the system-to-be. Current approaches to SRE either express stakeholders' needs via high-level organisational abstractions that are hard to map to system design, or specify only technical security requirements. In this paper, we introduce SecCo, an SRE framework that starts with goal-oriented modelling of the security needs and derives security requirements from such needs. Importantly, SecCo relates security requirements to the interaction among actors. Security requirements are specified as social commitments — promises with contractual validity from one actor to another — that define constraints on the way actors can interact. These commitments shall be implemented by the system-to-be.\",\"PeriodicalId\":293851,\"journal\":{\"name\":\"2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST)\",\"volume\":\"36 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-11-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"49\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/STAST.2011.6059249\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/STAST.2011.6059249","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 49

摘要

安全需求工程(SRE)关注的是未来系统的安全需求的引出和安全需求的规范。当前的SRE方法要么通过难以映射到系统设计的高级组织抽象来表达涉众的需求，要么只指定技术安全需求。在本文中，我们介绍SecCo，这是一个SRE框架，它从面向目标的安全需求建模开始，并从这些需求中派生出安全需求。重要的是，SecCo将安全需求与参与者之间的交互联系起来。安全需求被指定为社会承诺——从一个参与者到另一个参与者之间具有契约有效性的承诺——它定义了参与者交互方式的约束。这些承诺将由未来的系统执行。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Security requirements engineering via commitments

Security Requirements Engineering (SRE) is concerned with the elicitation of security needs and the specification of security requirements of the system-to-be. Current approaches to SRE either express stakeholders' needs via high-level organisational abstractions that are hard to map to system design, or specify only technical security requirements. In this paper, we introduce SecCo, an SRE framework that starts with goal-oriented modelling of the security needs and derives security requirements from such needs. Importantly, SecCo relates security requirements to the interaction among actors. Security requirements are specified as social commitments — promises with contractual validity from one actor to another — that define constraints on the way actors can interact. These commitments shall be implemented by the system-to-be.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST)

自引率

0.00%

发文量

期刊最新文献

An approach to measure effectiveness of control for risk analysis with game theory Controlled data sharing in E-health Camera use in the public domain: Towards a ”Big Sister” approach Trustworthy and effective communication of cybersecurity risks: A review User study of the improved Helios voting system interfaces