Requirement Engineering for Trust Management : Model, Methodology Reasoning P. Giorgini, F. Massacci, J. Mylopoulos, N. Zannone, “Requirements Engineering.


1 Requirement Engineering for Trust Management: Model, Methodology Reasoning
P. Giorgini, F. Massacci, J. Mylopoulos, N. Zannone, “Requirements Engineering for Trust Management: Model, Methodology, and Reasoning”, International Journal of Information Security 5:4, pp. 257-274, October 2006.
Presented by: Ramya Porumamilla

2 Summary
Proposes an enhancement to Tropos by:
* Separating actors, tasks, resources and social dependencies.
* Defining the trust relationship between the actors.
* Creating a functional relationship model.
Existing Tropos methodology: Depender → Dependum → Dependee
Provides a formal framework for modeling and analysing security and trust requirements.

3 Proposed Solution
Introduces a trust relationship model to Tropos: trust, delegation, offer and ownership.
Methodology:
1. Design a trust model among the actors of the system.
2. Identify who owns goals, tasks, or resources and who is able to fulfill goals, execute tasks or deliver resources.
3. Define functional dependencies and delegations of goals among agents, building a functional model.
Finally, supports automatic verification of security requirements and trust relationships using a formal modeling language.

4 Appreciation
* The proposed solution introduces a trust relationship model to Tropos: trust, delegation, offer and ownership.
* Provides a way to abstract trust and functional models using diagrams: a good Visual Language.
* Allows automatic verification of the security requirements and trust relationships using a formal modelling language, Datalog.
* Applications in medical, banking and other large applications which require a high level of security.
* Offers a formal modelling of the entire system, including its working environment.
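To make the verification step concrete, the following is an added example, not code from the paper or from this presentation. It uses simplified ownership, trust and delegation relations (the actor and resource names are hypothetical, and the rules are an assumption about the kind of check involved, not the paper's axioms), evaluated in Python with the Datalog-style rules shown in the comments.

```python
# Added illustration: simplified relations, not the paper's predicates or axioms.
# Constructed sample facts (hypothetical actors and resource).
OWNS = {("patient", "record")}                      # (actor, resource)
TRUST = {("patient", "clinician", "record"),        # (truster, trustee, resource)
         ("clinician", "hospital", "record")}
DELEGATES = {("patient", "clinician", "record"),    # (delegater, delegatee, resource)
             ("clinician", "hospital", "record"),
             ("hospital", "insurer", "record")}     # no trust fact backs this hop


def chain(edges):
    """Naive bottom-up fixpoint, the way a Datalog engine evaluates:
    chain(A,B,S) :- edge(A,B,S).
    chain(A,C,S) :- chain(A,B,S), edge(B,C,S)."""
    closure = set(edges)
    while True:
        derived = {(a, c, s) for (a, b, s) in closure
                   for (b2, c, s2) in edges if b == b2 and s == s2}
        if derived <= closure:
            return closure
        closure |= derived


def untrusted_delegations(owns, trust, delegates):
    """violation(O,B,S) :- owns(O,S), delegChain(O,B,S), not trustChain(O,B,S).
    The resource reaches B although its owner has no trust chain to B."""
    trust_chain = chain(trust)
    return sorted((o, b, s) for (o, b, s) in chain(delegates)
                  if (o, s) in owns and (o, b, s) not in trust_chain)


def unowned_delegations(owns, delegates):
    """Direct delegations made by an actor who neither owns the resource
    nor received it through a delegation chain rooted at an owner."""
    entitled = set(owns) | {(b, s) for (o, b, s) in chain(delegates)
                            if (o, s) in owns}
    return sorted(d for d in delegates if (d[0], d[2]) not in entitled)


if __name__ == "__main__":
    print("untrusted:", untrusted_delegations(OWNS, TRUST, DELEGATES))
    print("unowned:  ", unowned_delegations(OWNS, DELEGATES))
```

With the sample facts, the record reaches the insurer through three delegations while the owner's trust chain stops at the hospital, so that chain is the one reported.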

5 Critical Comment (1)
* The proposed methodology is feasible only for large-scale applications which deal with sensitive information, like medical and banking applications.
* Usability of the Visual Language (diagrams) is not verified in this paper.
  - No evaluations using formal Visual Language frameworks, e.g. Cognitive Dimensions: abstraction gradient, consistency, diffuseness, error-proneness, premature commitment and visibility.

6 Critical Comment (2)
* The automatic verification of security requirements using a formal modelling language is not clearly explained and evaluated.
* Feasibility of such a system is still debatable.

7 Conclusions
Existing Tropos methodology: Depender → Dependum → Dependee
The paper proposes an enhancement to Tropos by:
* Separating actors, tasks, resources and social dependencies.
* Defining the trust relationship between the actors.
* Creating a functional relationship model.
Provides a formal framework for modeling and analysing security and trust requirements.
However, formal usability studies are required to evaluate the usefulness of this system.

8 Question
Can this system be extended so that it can be used as a Visual Language tool?
Automatic generation of the formal modelling language from the security and trust relationship diagrams as shown:

