SecureTropos ST-Tool A CASE tool for security-aware software requirements analysis Departement of Information and Communication Technology – University.

Slides:

Advertisements

Similar presentations

First Inter-Galactic Workshop on Tropos IRST-ITC Trento November 15-16, 2001.

Advertisements

IEEE/FIPA WG Mobile Agents Ulrich Pinsdorf Fraunhofer-Institute IGD, Germany Dept. Security Technology

Online Real Estate System Group Members Introduction Member 1 Name: Awais Khalil VU ID: BC Introduction: Assalam-o-Alaikum, I am Awais Khalil.

Giorgini P., EuroPKI Filling the gap between Requirements Engineering and Public Key/Trust Management Infrastructures Paolo Giorgini Department of.

Using the Semantic Web to Construct an Ontology- Based Repository for Software Patterns Scott Henninger Computer Science and Engineering University of.

SOFTWARE ENGINEERING ONTOLOGY A DEVELOPMENT METHODOLOGY Projects: eLSE & SELBO Iveta Georgieva.

Introduction to Computer Science CS 21a: Introduction to Computing I Department of Information Systems and Computer Science Ateneo de Manila University.

Standards & Enterprise Architecture for E-Governance Dr P.Madhav Institute for Electronic Governance.

Building Enterprise Applications Using Visual Studio ®.NET Enterprise Architect.

Developing MAS The GAIA Methodology A Brief Summary by António Castro and Prof. Eugénio Oliveira.

Design of Web-based Systems IS Development: lecture 10.

April 15, 2005Department of Computer Science, BYU Agent-Oriented Software Engineering Muhammed Al-Muhammed Brigham Young University Supported in part by.

Introduction to Software Engineering Dr. Basem Alkazemi

© Prentice Hall CHAPTER 3 Computer Software.

AOSE-2003, Melbourne July 15 th 1 Agent Oriented modeling by interleaving formal and informal analysis Anna Perini 1, Marco Pistore 2,1, Marco Roveri 1,

Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.

Building trust in networking in Newly Associated States through the use of secure information society technologies Aleksej Jerman Blazic TELEBALT 2002.

Computer System Analysis Chapter 10 Structuring System Requirements: Conceptual Data Modeling Dr. Sana’a Wafa Al-Sayegh 1 st quadmaster University of Palestine.

Web Explanations for Semantic Heterogeneity Discovery Pavel Shvaiko 2 nd European Semantic Web Conference (ESWC), 1 June 2005, Crete, Greece work in collaboration.

ARTIFICIAL INTELLIGENCE [INTELLIGENT AGENTS PARADIGM]

Abstract A software development life cycle can be divided into requirements elicitation, specification, design, implementation, testing, and maintenance.

 2002 Prentice Hall. All rights reserved. 1 Introduction to Visual Basic.NET,.NET Framework and Visual Studio.NET Outline 1.7Introduction to Visual Basic.NET.

revised CmpE 583 Fall 2006Discussion: OWL- 1 CmpE 583- Web Semantics: Theory and Practice DISCUSSION: OWL Atilla ELÇİ Computer Engineering.

ITEC224 Database Programming

A Goal-Based Organizational Perspective on Multi-Agent Architectures Manuel Kolp † Paolo Giorgini ‡ John Mylopoulos † † Department of Computer Science.

Architecture-Based Runtime Software Evolution Peyman Oreizy, Nenad Medvidovic & Richard N. Taylor.

1 GRL Tools JUCMNav vs. OpenOME CSI5112 – Project Winter 2008 Bo Peng, Li Chen, Yessine Daadaa.

Loc-based Variability for Mobile Information Systems Raian Ali, Fabiano Dalpiaz, Paolo Giorgini CAiSE’ June 2008.

PERA Methodology.

Company LOGO Database System I Gde Dharma N. Fenomena “Information Overload” “The percentage of unstructured data is 85% of the total and growing..” ---Delphi.

By Jonathan….and Darion……….. Reliability Windows File Protection protects core system files from being overwritten by application installs. Driver certification.

Software Engineering – University of Tampere, CS DepartmentJyrki Nummenmaa REQUIREMENT SPECIFICATION Today: Requirements Specification.

Exploring the Intentional Dimension during Software (Architecture) Design adding the “why” and the “who/where” to the “what” and the “how” Daniel Gross.

© Eric Yu Strategic Actor Relationships Modelling with i* Eric Yu University of Toronto December 13-14, 2001 IRST, Trento, Italy.

The Architecture Lecture September 2006 Cem Kaner CSE 1001.

Identity-Based Secure Distributed Data Storage Schemes.

Università degli Studi di Zannone, Massacci, MylopoulosSecure Tropos -- 1 Security Requirements Engineering Methodologies Nicola Zannone,

Università degli Studi di Trento Modeling Security Requirements Through Ownership, Permission and Delegation P. Giorgini F.Massacci J. Mylopoulos N. Zannone.

Markup and Validation Agents in Vijjana – A Pragmatic model for Self- Organizing, Collaborative, Domain- Centric Knowledge Networks S. Devalapalli, R.

Intro – Part 2 Introduction to Database Management: Ch 1 & 2.

Advanced Computer Networks Topic 2: Characterization of Distributed Systems.

Raian Ali, Fabiano Dalpiaz, Paolo Giorgini Location-based Software Modeling and Analysis: Tropos-based Approach.

Knowledge Representation of Statistic Domain For CBR Application Supervisor : Dr. Aslina Saad Dr. Mashitoh Hashim PM Dr. Nor Hasbiah Ubaidullah.

Requirement Engineering for Trust Management : Model, Methodology Reasoning P. Giorgini, F. Massacci, J. Mylopoulos, N. Zannone, “Requirements Engineering.

ATAL - Seattle, August 1 st, A Knowledge Level Software Engineering Methodology for Agent Oriented Programming The Tropos framework Fausto Giunchiglia.

İsmail Özdemir Hüseyin Tüfekçilerli Advisor: Dr. Arzu Baloğlu.

Chapter One (Database System) Objectives Introduction to Database Management Systems (DBMS) Data and Information History of DB Types of DB.

A Goal Based Methodology for Developing Domain-Specific Ontological Frameworks Faezeh Ensan, Weichang Du Faculty of Computer Science, University of New.

ModelPedia Model Driven Engineering Graphical User Interfaces for Web 2.0 Sites Centro de Informática – CIn/UFPe ORCAS Group Eclipse GMF Fábio M. Pereira.

Using Meta-Model-Driven Views to Address Scalability in i* Models Jane You Department of Computer Science University of Toronto.

ICCS WSES BOF Discussion. Possible Topics Scientific workflows and Grid infrastructure Utilization of computing resources in scientific workflows; Virtual.

Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University July 21, 2008WODA.

Database Administration

Metadata Common Vocabulary a journey from a glossary to an ontology of statistical metadata, and back Sérgio Bacelar

1 Structuring Knowledge for a Security Trade-offs Knowledge Base Golnaz Elahi Department of Computer Science Eric Yu Faculty of Information Study University.

 2001 John Mylopoulos STRAW’ Software Architectures as Social Structures John Mylopoulos University of Toronto First ICSE Workshop titled “From.

7. Data Import Export Lingma Acheson Department of Computer and Information Science IUPUI CSCI N207 Data Analysis Using Spreadsheets 1.

21/1/ Analysis - Model of real-world situation - What ? System Design - Overall architecture (sub-systems) Object Design - Refinement of Design.

EMEA Beat Schwegler Architect Microsoft EMEA HQ Ingo Rammer Principal Consultant thinktecture

Guided By: Prof. Rajarshree Karande JSPM’S IMPERIAL COLLEGE OF ENGINEERING & RESEARCH WAGHOLI, PUNE Group MemberRoll No. Abhijeet Aralgundkar03.

SECURE TROPOS Michalis Pavlidis 8 May Seminar Agenda  Secure Tropos  History and Foundation  Tropos  Basics  Secure Tropos  Concepts / Modelling.

Introduction to Visual Basic. NET,. NET Framework and Visual Studio

a VO-oriented perspective

Introduction to Agents

Modeling Ideator using Tropos Syed Hamza Javed

Analysis models and design models

Detecting Conflicts of Interest

Week1 software - Lecture outline & Assignments

Presentation transcript:

SecureTropos ST-Tool A CASE tool for security-aware software requirements analysis Departement of Information and Communication Technology – University of Trento, Italy Departement of Computer Science – University of Toronto, Canada Paolo Giorgini · Fabio Massacci · John Mylopoulos · Nicola Zannone

SecureTropos Tropos ✔ Methodology for software development – Agent-oriented methodology ● Based on the notions of actor, goal, task, resource and social dependency – Software development phases: ● Early requirements ● Late requirement ● Architectural design ● Detailed design

SecureTropos SecureTropos ✔ Security-oriented extension to Tropos: – capture trust and security requirements; – distinguish between the actors that manipulate resources and actors that own the resources or the goals; – two different levels of analysis: ● social ● individual

SecureTropos ST-Tool goals ✔ Provide a visual framework to draw models ✔ Maintain a consistent representation of the data underlying to graphical diagrams ✔ Translate models into formal specifications ✔ Analyze models through external ASP solvers

SecureTropos Use of ASP ✔ Idea: considering the model as a database An Extensional Database (EDB) contains a set of all the rows (e.g. actors, services and relations) An Intensional Database (IDB) contains the axioms of the domain A second IDB is the properties database Supported solvers: ASSAT Cmodels DLV Smodels

SecureTropos Case study ✔ Compliance to Italian data protection legislation ✔ Definition and analysis of a ISO like security management scheme ✔ Benchmark for the solvers: – starting from the structure of the university (base case) by adding a growing number of agents playing the roles occurring in the model

SecureTropos Results ✔ bi-processor XEON, 3.2 GHz, 1 MB of Cache, 4GB of RAM, running Linux ✔ R: 0 - success; 1 - failure (e.g.: memory limits exceeded)

SecureTropos Methodology integration ✔ TAOM4E modeler – Tool for Agent-Oriented modeling for Eclipse – Supports full standard modeling methodology – Oriented to interoperability (Eclipse)

SecureTropos ST-Tool Demos ✔ Case Study on Privacy Protection in the Enterprise ✔ Demos – Create actor’s model of goals – Shows various format (XML, Formal Tropos, ASP) – Show basic reasoning mechanism ✔ A bit of a show – Basic Demo (4 min)4 min – Short Demo (6 min)6 min – Long Demo (7past min)7past min

SecureTropos Conclusions ✔ SecureTropos = Tropos + security extension ✔ ST-Tool: – Diagram design – Data model management – Front-end to ASP ✔ ASP analysis: – Model consistency – Detection of security lacks

SecureTropos References Web site: P. Giorgini, F. Massacci, J. Mylopoulos and N. Zannone. Filling the gap between Requirements Engineering and Public Key/Trust Management Infrastructures. In Proceedings of the 1st European PKI Workshop: Research and Applications (1st EuroPKI), LNCS 3093, pages Springer-Verlag Heidelberg, P. Giorgini, F. Massacci, J. Mylopoulos and N. Zannone. Requirements Engineering meets Trust Management: Model, Methodology, and Reasoning. In Proceedings of the Second International Conference on Trust Management (iTrust 2004), LNCS 2995, pages Springer-Verlag Heidelberg, P. Giorgini, F. Massacci, and J. Mylopoulos. Requirement Engineering meets Security: A Case Study on Modelling Secure Electronic Transactions by VISA and Mastercard. In Proceedings of the 22nd International Conference on Conceptual Modeling, LNCS 2813, Springer, P. Giorgini, F. Massacci, J. Mylopoulos and N. Zannone. Modeling Social and Individual Trust in Requirements Engineering Methodologies. In Proceedings of the Third International Conference on Trust Management (iTrust 2005), LNCS 3477, pages Springer-Verlag GmbH, P. Giorgini, F. Massacci, J. Mylopoulos, A. Siena and N. Zannone. ST-Tool: A CASE Tool for Modeling and Analyzing Trust Requirements. In Proceedings of the Third International Conference on Trust Management (iTrust 2005), LNCS 3477, pages Springer-Verlag GmbH, 2005.