Abstract
In earlier work, we have introduced Secure Tropos, a requirements engineering methodology that extends the Tropos methodology and is intended for the design and analysis of security requirements. This paper briefly recaps the concepts proposed for capturing security aspects, and presents an implemented graphical CASE tool that supports the Secure Tropos methodology. Specifically, the tool supports the creation of Secure Tropos models, their translation to formal specifications, as well as the analysis of these specifications to ensure that they comply with specific security properties. Apart from presenting the tool, the paper also presents a two-tier evaluation consisting of two case studies and an experimental evaluation of the tool’s scalability.
Massacci, F., Mylopoulos, J. & Zannone, N. Computer-aided Support for Secure Tropos. Autom Softw Eng 14, 341–364 (2007). https://doi.org/10.1007/s10515-007-0013-5