Requirement engineering meets security: A case study on modelling secure electronic transactions by VISA and mastercard

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 2813, Issue , 2003, Pages 263-276

  Giorgini, Paolo ^a   Massacci, Fabio ^a   Mylopoulos, John ^a,b  

^a UNIVERSITY OF TRENTO   (Italy)

^b UNIVERSITY OF TORONTO   (Canada)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL; AUTHENTICATION; SECURITY OF DATA; SECURITY SYSTEMS;

DEPENDENCY RELATION; ESSENTIAL FEATURES; NATURAL CONSEQUENCES; REQUIREMENT ENGINEERING; SECURE ELECTRONIC TRANSACTION; SECURITY MECHANISM; SECURITY REQUIREMENTS; SECURITY SOLUTIONS;

DATA HANDLING;

EID: 0142156745     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-39648-2_22     Document Type: Article

References (22)

1. R. Anderson. Security Engineering - a Guide to Building Dependable Distributed Systems. Wiley and Sons, 2003.
2. G. Bella, F. Massacci, and L. C. Paulson. The verification of an industrial payment protocol: The SET purchase phase. In V. Atluri, editor, 9th ACM Conference on Computer and Communications Security, pages 12-20. ACM Press, 2002.
3. G. Bella, F. Massacci, and L. C. Paulson. Verifying the SET registration protocols. IEEE Journal on Selected Areas on Communications, 21(1), 2003. in press.
4. J. Castro, M. Kolp, and J. Mylopoulos. Towards Requirements-Driven Information Systems Engineering: The Tropos Project. Information Systems, 2003. Elsevier, Amsterdam, the Netherlands, (to appear).
5. P. T. Devambu and S. Stubbelbine. Software engineering for security: a roadmap. In Future of Software Engineering. Special volume of the proceedings of the 22nd International Conference on Software Engineering (ICSE 2000), pages 227-239, 2000.
6. J.-M. Jézéquel, H. Hußmann, and S. Cook, editors. 5th International Conference on the Unified Modeling Language (UML 2002), volume 2460 of Lecture Notes in Computer Science. Springer, 2002.
7. J.-M. Jézéquel, H. Hußmann, and S. Cook, editors. SecureUML: A UML-Based Modeling Language for Model-Driven Security, volume 2460 of Lecture Notes in Computer Science. Springer, 2002.
8. J. Jürjens. Modelling audit security for smart-card payment schemes with UMLsec. In 16th International Conference on Information Security (IFIP/SEC 2001). Kluwer AP, 2001.
9. J. Jürjens. Towards secure systems development with umlsec. In Fundamental Approaches to Software Engineering (FASE/ETAPS 2001), LNCS. Springer-Verlag, 2001.
10. J. Jürjens. UMLsec: Extending UML for secure systems development. In Jézéquel et al. [6].
11. J. Jürjens. Using UMLsec and Goal-Trees for secure systems development. In Symposium of Applied Computing (SAC 2002). ACM Press, 2002.
12. L. Liu, E. Yu, and J. Mylopoulos. Analyzing Security Requirements as Relationships Among Strategic Actors. In Proceedings of the 2nd Symposium on Requirements Engineering for Information Security (SREIS-02), Raleigh, North Carolina, 2002.
13. T. Lodderstedt, D. A. Basin, and J. Doser. Model driven security for process-oriented systems. In 8th ACM Symposium on Access Control Models and Technologies, 2003.
14. Mastercard & VISA. SET Secure Electronic Transaction Specification: Business Description, May 1997. Available electronically at http://www.setco.org/set_specifications.html.
15. Mastercard & VISA. SET Secure Electronic Transaction Specification: Programmer's Guide, May 1997. Available electronically at http://www.setco.org/set_specifications.html.
16. G. McGraw and J. Viega. Building Secure Software. Addison Wesley Professional computing, 2001.
17. H. Mouratidis, P. Giorgini, and G. Manson. Integrating security and systems engineering: Towards the modelling of secure information systems. In Proceedings of the 15th Conference On Advanced Information Systems Engineering (CAiSE 2003), 2003.
18. H. Mouratidis, P. Giorgini, and G. Manson. Modelling secure multiagent systems. In Proceedings of the 2nd International Joint Conference on Autonomous Agents and Multiagent Systems (AAMAS), 2003.
19. D. O'Mahony, M. Peirce, and H. Tewari. Electronic payment systems. The Artech House computer science library. Artech House, 1997.
20. A. Paller. Alert: Large criminal hacker attack on Windows NTE-banking and E-commerce sites. On the Internet at http://www.sans.org/newlook/alerts/NTE-bank.htm, Mar. 2001. SANS Institute.
21. A. Perini, P. Bresciani, F. Giunchiglia, P. Giorgini, and J. Mylopoulos. A Knowledge Level Software Engineering Methodology for Agent Oriented Programming. In Proc. of the 5th Int. Conference on Autonomous Agents, Montreal CA, May 2001. ACM.
22. E. Yu and L. Cysneiros. Designing for Privacy and Other Competing Requirements. In Proceedings of the 2nd Symposium on Requirements Engineering for Information Security (SREIS-02), Raleigh, North Carolina, 2002.