A Model Transformation from Misuse Cases to Secure Tropos
Abstract
In current practices, security concerns are typically addressed at the design or implementation stages, leaving aside the rationale for security analysis. The reason is that a systematic approach to address security from late development stages to early analysis stages does not exist. This paper presents transformation rules to perform model translation from a misuse case diagram to a Secure Tropos model. The translation justifies the system security concerns and keeps the traceability of the security decisions. Our proposal is based on the systematic domain model for information systems security risk management (ISSRM); thus, it preserves the semantics of both security languages' constructs and synchronises the mechanisms across language boundaries to elicit, correct and complete security requirements. An example from the banking sector demonstrates the applicability of our proposal.
Similar resources
Towards Model Transformation between SecureUML and UMLsec for Role-based Access Control
Nowadays security has become an important aspect in information systems engineering. A mainstream method for information system security is Role-based Access Control (RBAC), which restricts system access to authorised users. Recently different authors have proposed a number of modelling languages (e.g., abuse cases, misuse cases, secure i*, secure Tropos, and KAOS extensions to security) that f...
Use Case Application in Requirements Analysis using Secure Tropos to UMLsec - Security Issues
Information Systems Security is one of the most critical challenges presently facing nearly every one of the organizations. However, making certain security and quality in both information and the systems which control information is a difficult goal necessitating the mixture of two wide research disciplines which are typically separate: security engineering and secure software engineering. Sec...
A CASE Tool to Support Automated Modelling and Analysis of Security Requirements, Based on Secure Tropos
Secure Tropos, an extension of the Tropos methodology, considers security requirements alongside functional requirements, from the early stages of the system development process. The Secure Tropos language uses security concepts such as security constraint, secure goal, secure plan, secure resource, and threat to capture the security concepts from both social and organisational settings. These ...
SecTro: A CASE Tool for Modelling Security in Requirements Engineering using Secure Tropos
Secure Tropos is an extension of Tropos methodology, which considers security throughout the whole development process. The main concept of Secure Tropos is the security constraint that captures constraints regarding security. Similarly, the concepts of dependency, goal, task, resource, and capability were also extended with security in mind. In this paper we present the SecTro tool, a CASE too...
Secure Tropos: dealing effectively with security requirements in the development of multiagent systems
The consideration of security requirements in the development of multi-agent systems is a very difficult task. However, only a few approaches have been proposed that try to integrate security issues as an internal part of the development process. Amongst them, secure Tropos has been proposed as a structured approach towards the consideration of security issues in the development of multiagent system...