Adapting Secure Tropos for Security Risk Management during Early Phases of the Information Systems Development
Authors
Abstract
Security is a major target for today's information systems (IS) designers. Security modelling languages exist to reason about security in the early phases of IS development, when the most crucial design decisions are made. Reasoning about security involves analysing risk, and effectively communicating risk-related information. However, we think that current languages can be improved in this respect. In this paper, we discuss this issue for Secure Tropos, the language supporting the eponymous agent-based IS development methodology. We analyse it and suggest improvements in the light of an existing reference model for IS security risk management. This allows checking of Secure Tropos concepts and terminology against those of current risk management standards, thereby improving the conceptual appropriateness of the language. The paper follows a running example, called eSAP, located in the healthcare domain.
Similar resources
Comparison between Secure Tropos and VOSREP
Security is the main concern nowadays for any software system. In the past security was often treated as an add-on on other requirements, which makes the system expensive on both the developer and user sides. Computer system security attacks are one of the most urgent problems facing IT professionals today. Security engineering should be integrated with the Software development life cycle to han...
Syntactic and Semantic Extensions to Secure Tropos to Support Security Risk Management
The need to consider security from the early stages of the development process of information systems has been argued by academics and industrialists alike, and security risk management has been recognised as one of the most prominent techniques for eliciting security requirements. However, although existing security modelling languages provide some means to model security aspects, they do not ...
Mapping of McGraw Cycle to RUP Methodology for Secure Software Developing
Designing secure software is one of the major phases in developing robust software. The McGraw life cycle, as one of the well-known software security development approaches, implements different touch points as a collection of software security practices. Each touch point includes explicit instructions for applying security in terms of design, coding, measurement, and maintenance of softwar...
Security Requirements Engineering: The SI* Modeling Language and the Secure Tropos Methodology
Security Requirements Engineering is an emerging field which lies at the crossroads of Security and Software Engineering. Much research has focused on this field in recent years, spurred by the realization that security must be dealt with in the earliest phases of the software development process as these phases cover a broader organizational perspective. Agent-oriented methodologies have prove...
A Model Transformation from Misuse Cases to Secure Tropos
In current practices security concerns are typically addressed at the design or implementation stages, leaving aside the rationale for security analysis. The reason is that a systematic approach to address security from late development stages to early analysis stages does not exist. This paper presents transformation rules to perform model translation from misuse case diagram to Secure Tropos ...