
Abstract

In earlier work, we have introduced Secure Tropos, a requirements engineering methodology that extends the Tropos methodology and is intended for the design and analysis of security requirements. This paper briefly recaps the concepts proposed for capturing security aspects, and presents an implemented graphical CASE tool that supports the Secure Tropos methodology. Specifically, the tool supports the creation of Secure Tropos models, their translation to formal specifications, as well as the analysis of these specifications to ensure that they comply with specific security properties. Apart from presenting the tool, the paper also presents a two-tier evaluation consisting of two case studies and an experimental evaluation of the tool’s scalability.


Corresponding author

Correspondence to Nicola Zannone.

Cite this article

Massacci, F., Mylopoulos, J. & Zannone, N. Computer-aided Support for Secure Tropos. Autom Softw Eng 14, 341–364 (2007). https://doi.org/10.1007/s10515-007-0013-5
