From Hippocratic databases to Secure Tropos: A computer-aided re-engineering approach

International Journal of Software Engineering and Knowledge Engineering

Volumn 17, Issue 2, 2007, Pages 265-284

  Massacci, Fabio ^a   Mylopoulos, John ^a   Zannone, Nicola ^a  

^a UNIVERSITY OF TRENTO   (Italy)

Author keywords

Agent oriented technologies; IS re engineering; Security engineering

Indexed keywords

AGENT-ORIENTED TECHNOLOGIES; IS RE-ENGINEERING; SECURITY ENGINEERING;

COMPUTER AIDED ENGINEERING; DATA PRIVACY; REQUIREMENTS ENGINEERING; RETROFITTING;

DATABASE SYSTEMS;

EID: 34249110788     PISSN: 02181940     EISSN: None     Source Type: Journal    
DOI: 10.1142/S0218194007003239     Document Type: Article

References (27)

1. S. Abiteboul, R. Hull, and V. Vianu, Foundations of Databases (Addison-Wesley, 1995).
2. N. R. Adam and J. C. Worthmann, Security-control methods for statistical databases: A comparative study, CSUR 21(4) (1989) 515-556.
3. R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu, Hippocratic databases, in Proc. VLDB'02, Morgan Kaufmann, 2002, pp. 143-154.
4. A. I. Anton, D. Bolchini, and Q. He, The Use of Goals to Extract Privacy and Security Requirements from Policy Statements, Technical Report TR.-2003-17, NCSU Computer Science, September 2003.
5. A. I. Antón and J. B. Earp, A requirements taxonomy for reducing Web site privacy vulnerabilities, Requirements Eng. J. 9(3) (2004) 169-185.
6. M. Backes, G. Karjoth, W. Bagga, and M. Schunter, Efficient comparison of enterprise privacy policies, in Proc. SAC'04, ACM Press, 2004, pp. 375-382.
7. M. Backes, B. Pfitzmann, and M. Schunter, A toolkit for managing enterprise privacy policies, in Proc. ESORICS'03, LNCS 2808, Springer, 2003, pp. 162-180.
8. D. E. Bell and L. J. LaPadula, Secure Computer System: Unified Exposition and MULTICS Interpretation, Technical Report MTR-2997 Rev. 1, The MITRE Corporation, Bedford, MA, 1976.
9. P. Bresciani, P. Giorgini, F. Giunchiglia, J. Mylopoulos, and A. Perini, TROPOS: An agent-oriented software development methodology, JAAMAS 8(3) (2004) 203-236.
10. J.-W. Byun, E. Bertino, and N. Li, Purpose-Based Access Control for Privacy Protection in Relational Database Systems, Technical Report 2004-52, Purdue University, 2004.
11. J.-W. Byun, E. Bertino, and N. Li, Purpose based access control of complex data for privacy protection, in Proc. SACMAT'05, ACM Press, 2005, pp. 102-110.
12. L. Cranor, M. Langheinrich, M. Marchiori, and J. Reagle, The Platform for Privacy Preferences 1.0 (P3P1.0) Specification, W3C Recommendation, April 2002.
13. T. Dell'Armi, W. Faber, G. Ielpa, N. Leone, and G. Pfeifer, Aggregate functions in disjunctive logic programming: Semantics, complexity, and implementation in DLV, in Proc. IJCAI'03, Morgan Kaufmann, 2003, pp. 847-852.
14. D. Downs, J. Rub, K. Kung, and C. Jordan, Issues in discretionary access control, in Proc. Symp. on Sec. and Privacy, IEEE Press, 1985, pp. 208-218.
15. P. Giorgini, F. Massacci, J. Mylopoulos, and N. Zannone, Filling the gap between requirements engineering and public key/trust management infrastructures, in Proc. EuroPKI'04, LNCS 3093, Springer, 2004, pp. 98-111.
16. P. Giorgini, F. Massacci, J. Mylopoulos, and N. Zannone, Requirements engineering meets trust management: Model, methodology, and reasoning, in Proc. i'Trust'04, LNCS 2995, Springer, 2004, pp. 176-190.
17. P. Giorgini, F. Massacci, J. Mylopoulos, and N. Zannone, Modelling social and individual trust in requirements engineering methodologies, in Proc. iTrust'05, LNCS 3477, Springer, 2005, pp. 161-176.
18. Q. He and A. I. Anton, A framework for modeling privacy requirements in role engineering, in Proc. REFSQ'03, 2003, pp. 137-146.
19. G. Karjoth, M. Schunter, and M. Waidner, Platform for enterprise privacy practices: Privacy-enabled management of customer data, in Proc. PET'02, LNCS 2482, Springer, 2002, pp. 69-84.
20. K. LeFevre, R. Agrawal, V. Ercegovac, R. Ramakrishnan, Y. Xu, and D. J. DeWitt, Limiting disclosure in hippocratic databases, in Proc. VLDB'04, Morgan Kaufmann, 2004, pp. 108-119.
21. L. Liu, E. S. K. Yu, and J. Mylopoulos, Security and privacy requirements analysis within a social setting, in Proc. RE'03, IEEE Press, 2003, pp. 151-161.
22. F. Massacci, J. Mylopoulos, and N. Zannone, Hierarchical hippocratic databases with minimal disclosure for virtual organizations, The VLDB J., 2006.
23. F. Massacci, M. Prest, and N. Zannone, Using a security requirements engineering methodology in practice: The compliance with the Italian data protection legislation, Comp. Standards & Interfaces 27(5) (2005) 445-455.
24. F. Massacci and N. Zannone, Privacy is linking permission to purpose in Proc. 12th Int. Workshop on Sec. Protocols, 2004.
25. C. S. Powers P. Ashley, and M. Schunter, Privacy promises, access control, and privacy management: Enforcing privacy throughout an enterprise by extending access control, in Proc. ISEC'02, IEEE Press, 2002, pp. 13-21.
26. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, Role-based access control models, IEEE Comp. 29(2) (1996) 38-47.
27. A. van Lamsweerde, S. Brohez, R. De Landtsheer, and D. Janssens, From system goals to intruder anti-goals: Attack generation and resolution for security requirements engineering, in Proc. RHAS'03, 2003, pp. 49-56.