Requirements engineering for trust management: Model, methodology, and reasoning

International Journal of Information Security

Volumn 5, Issue 4, 2006, Pages 257-274

  Giorgini, Paolo ^a   Massacci, Fabio ^a   Mylopoulos, John ^a   Zannone, Nicola ^a  

^a UNIVERSITY OF TRENTO   (Italy)

Author keywords

Agent oriented software; Privilege management; Requirements Engineering; Security Engineering; Trust models for business and organizations; Verification and validation of software

Indexed keywords

EID: 33749035450     PISSN: 16155262     EISSN: 16155270     Source Type: Journal    
DOI: 10.1007/s10207-006-0005-7     Document Type: Article

References (42)

1. Abiteboul S., Hull R., Vianu V. (1995) Foundations of databases. Addison-Wesley, Reading
2. Agrawal, R., Kiernan, J., Srikant, R., Xu, Y. Hippocratic databases. In: Proceedings of VLDB'02, pp. 143-154. Morgan Kaufmann (2002)
3. Anderson, R. A security policy model for clinical information systems. In: Proceedings of Symposium on Security and Privacy, pp. 30-43. IEEE Press (1996)
4. Antón AI., Earp JB. (2004) A requirements taxonomy for reducing Web site privacy vulnerabilities. Requirements Eng. J. 9(3): 169-185
5. Axelrod R. The evolution of cooperation. Basic Books, London (1984)
6. Barnes LB. (1981) Managing the paradox of organizational trust. Harvard Bus. Rev. 59(2): 107-116
7. Basin D., Doser J., Lodderstedt T. (2006) Model driven security: From UML models to access control infrastructures. TOSEM 15(1): 39-91
8. Blaze M., Feigenbaum J., Ioannidis J., Keromytis A.D. (1999) The role of trust management in distributed systems security. secure internet programming 1603, 185-210
9. Blomqvist, K., Stâhle, P. Building organizational trust. In: proceedings of 16th Annual IMP Conf. (2000)
10. Bresciani P., Giorgini P., Giunchiglia F., Mylopoulos J., Perini A. (2004) TROPOS: An agent-oriented software development methodology. JAAMAS 8(3): 203-236
11. Castelfranchi, C., Falcone, R. Principles of trust for MAS: Cognitive anatomy, social importance and quantification. In: Proceedings of ICMAS'98, pp. 72-79. IEEE Press (1998)
12. Chu Y.H., Feigenbaum J., LaMacchia B., Resnick P., Strauss M. (1997) REFEREE: Trust management for web applications. computer networks and ISDN Systems 29(8-13): 953-964
13. Chung, L., Nixon, B. Dealing with non-functional requirements: Three experimental studies of a process-oriented approach. In: Proceedings of ICSE'95, pp. 25-37. ACM Press (1995)
14. Damianou, N. A policy framework for management of distributed systems. Ph.D. Thesis, University of London (2002)
15. Devanbu, P.T., Stubblebine, S.G. Software engineering for security: A roadmap. In: Proceedings. of ICSE'00 - Future of Software Engineerring Track, pp. 227-239 (2000)
16. Ebert, C. Requirements BEFORE the requirements: Understanding the upstream Impacts. In: Proceedings of RE'05, pp. 117-124. IEEE Press (2005)
17. Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, B., Ylonen, T. Simple public key certificates. Internet Draft (work in progress) (1999)
18. Giorgini, P., Massacci, F., Mylopoulos, J. Requirement engineering meets security: A case study on modelling secure electronic transactions by VISA and Mastercard. In: Proceedings of ER'03, LNCS 2813, pp. 263-276. Springer, Berlin Heidelberg Newyork (2003)
19. Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N. Filling the gap between requirements engineering and public key/trust management infrastructures. In: Proceedings of EuroPKI'04, LNCS 3093, pp. 98-111. Springer, Berlin Heidelberg Newyork (2004)
20. Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Requirements engineering meets trust management: Model, methodology, and reasoning. In: Proceedings of iTrust'04, LNCS 2995, pp. 176-190. Springer, Berlin Heidelberg Newyork (2004)
21. Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N. Modeling security requirements through ownership, permission and delegation. In: Proceedings of RE'05, pp. 167-176. IEEE Press (2005)
22. Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N. Modelling social and individual trust in requirements engineering methodologies. In: Proceedings of iTrust'05, LNCS 3477, pp. 161-176. Springer, Berlin Heidelberg Newyork (2005)
23. Jim, T. SD3: A trust management system with certified evaluation. In: Proceedings of Symposium on Security and Privacy, pp. 106-115. IEEE Press (2001)
24. Jürjens, J. Secure Systems Development with UML. Springer, (2004)
25. Leone, N., Pfeifer, G., Faber, W., Eiter, T., Gottlob, G., Perri, S., Scarcello, F. The DLV System for knowledge representation and reasoning. TOCL (2005)
26. Li N., Grosof B.N., Feigenbaum J. (2003) Delegation logic: A logic-based approach to distributed authorization. TISSEC 6(1): 128-171
27. Li, N., Mitchell, J.C., Winsborough, W.H. Design a role-based trust-management framework. In: Proceedings of Symposium on Security and Privacy, pp. 114-130. IEEE Press (2002)
28. Liu, L., Yu, E.S.K., Mylopoulos, J. Security and Privacy Requirements Analysis within a Social Setting. In: Proceedings of RE'03, pp. 151-161. IEEE Press (2003)
29. Massacci, F., Mylopoulos, J., Zannone, N. From hippocratic databases to secure tropos: A computer-aided re- engineering Approach. IJSEKE (2006). (in press).
30. Massacci, F., Penserini, L. (eds.) In: Proceedings of Symposium on Requirements Engineering for Information Security (2005)
31. Massacci F., Prest M., Zannone N. (2005) Using a security requirements engineering methodology in practice: The compliance with the italian data protection legislation. Comp. Stand. Inter. 27(5): 445-455
32. Massacci, F., Zannone, N. Detecting conflicts between functional and security requirements with secure tropos: John Rusnak and the allied irish bank. Tech. Rep. DIT-06-002, University of Trento (2006)
33. McDermott, J., Fox, C. Using abuse case models for security requirements Analysis. In: Proceedings of ACSAC'99, pp. 55-66. IEEE Press (1999)
34. McKnight, D.H., Chervany, N.L. The meanings of trust. Tech. Rep. 96-04, MIS Research Center (1996)
35. Sandhu R.S., Coyne E.J., Feinstein H.L., Youman C.E. (1996) Role-based access control models. IEEE Comp. 29(2): 38-47
36. Sindre G., Opdahl A.L. (2005) Eliciting security requirements with misuse cases. Requirements Eng. J. 10(1): 34-44
37. Sommerville I. (2001) Software engineering. Addison-Wesley, Reading
38. Toval, A., Olmos, A., Piattini, M. Legal requirements reuse: A critical success factor for requirements quality and personal data protection. In: Proceedings of RE'02, pp.95 -103. IEEE Press (2002)
39. Tryfonas T., Kiountouzis E., Poulymenakou A. (2001) Embedding security practices in contemporary information systems development approaches. Inform. Manage. Comp. Sec. 9, 183-197
40. van Lamsweerde, A., Brohez, S., De Landtsheer, R., Janssens, D. From system goals to intruder anti-goals: Attack generation and resolution for security requirements engineering. In: Proceedings of RHAS'03, pp. 49-56 (2003)
41. Yu, E., Cysneiros, L. designing for privacy and other competing requirements. In: Proceedings of SREIS'02 (2002)
42. Yu, E.S.K. Modelling strategic relationships for process reengineering. Ph.D. thesis, University of Toronto (1996)