Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems

Mouratidis, Haralambos; Giorgini, Paolo; Manson, Gordon A.

doi:10.1007/3-540-45017-3_7

Cited by 79 publications

(60 citation statements)

References 16 publications

(17 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In previous papers (Mouratidis, 2003-Mouratidis, 2003a-Mouratidis, 2003b, we have presented how we extended the Tropos methodology, by introducing the concepts of security reference diagram and security constraints and by redefining existing Tropos concepts such as secure entities, secure dependencies, and secure capabilities to enable it to consider security aspects throughout the whole development process.…”

Section: The Tropos Methodologymentioning

confidence: 99%

See 1 more Smart Citation

Using Security Attack Scenarios to Analyse Security During Information Systems Design

Mouratidis

Giorgini

Manson

2004

Proceedings of the 4th International Workshop on Pattern Recognition in Information Systems

View full text Add to dashboard Cite

Abstract:It has been widely argued in the literature that security concerns should be integrated with software engineering practices. However, only recently work has been initiated towards this direction. Most of this work, however, only considers how security can be analysed during the development lifecycles and not how the security of an information system can be tested during the analysis and design stages. In this paper we present results from the development of a technique, which is based on the use of scenarios, to test the reaction of an information system against potential security attacks.

show abstract

Section: The Tropos Methodologymentioning

confidence: 99%

“…In previous papers, we have presented a process that allows developers to identify the security requirements of an information system (Mouratidis, 2003), reason about a suitable architectural style (Mouratidis, 2003a), and successfully transform security requirements to design (Mouratidis, 2003b).…”

Section: Introductionmentioning

confidence: 99%

Using Security Attack Scenarios to Analyse Security During Information Systems Design

Mouratidis

Giorgini

Manson

2004

Proceedings of the 4th International Workshop on Pattern Recognition in Information Systems

View full text Add to dashboard Cite

show abstract

“…The basic Tropos methodology was not conceived with security in mind and, as a result, it therefore fails to adequately capture security requirements [40]. In particular, the methodology demonstrates limitations with respect to security in its process as well as in its concepts.…”

Section: Secure Tropos: Security-related Conceptsmentioning

confidence: 99%

Using a Situational Method Engineering Approach to Identify Reusable Method Fragments from the Secure TROPOS Methodology.

Low¹,

Mouratidis²,

Henderson‐Sellers³

2010

JOT

View full text Add to dashboard Cite

Situational method engineering (SME) has as a focus a repository of method fragments, gleaned from extant methodologies and best practice. Using one such example, the OPF (OPEN Process Framework) repository, we identify deficiencies in the current SME support for securityrelated issues in the context of agent-oriented software engineering. Specifically, theoretical proposals for the development of reusable security-related method fragments from the agent-oriented methodology Secure Tropos are discussed. Since the OPF repository has already been enhanced by fragments from Tropos and other non-security-focussed agent-oriented software development methodologies, the only method fragments from Secure Tropos not already contained in this repository are those that are specifically security-related. These are identified, clearly defined and recommended for inclusion in the current OPF repository of method fragments.

show abstract

“…Although, the Tropos methodology was not conceived with security in mind, we have presented in previous work a set of security related concepts [13,14,15] (some resulted from security related extensions of existing concepts), to enable it to model security issues throughout the development of multiagent systems. This security oriented extension, which is known as secure Tropos, includes the following security related concepts.…”

Section: An Overview Of Secure Troposmentioning

confidence: 99%

“…In previous work [13,14,15] we have presented models and techniques towards the solution of problems a, b, c, and d. For example, we proposed a well guided security-oriented process that considers the same concepts and notations throughout the development lifecycle and it allows the parallel definition of security and functional requirements providing at the same time a clear distinction.…”

Section: Introductionmentioning

confidence: 99%

Enhancing Secure Tropos to Effectively Deal with Security Requirements in the Development of Multiagent Systems

Mouratidis

Giorgini

2009

Safety and Security in Multiagent Systems

View full text Add to dashboard Cite

Abstract. The consideration of security requirements in the development of multi-agent systems is a very difficult task. However, only few approaches have been proposed that try to integrate security issues as internal part of the development process. Amongst them, secure Tropos has been proposed as a structured approach towards the consideration of security issues in the development of multiagent systems. In this paper we enhance secure Tropos by integrating to its stages: (i) a process for selecting amongst alternative architectural styles using as criteria the security requirements of the system; (ii) a pattern-based approach to transform security requirements to design, and (iii) a security attack scenarios approach to test the developed solution. The electronic single assessment process (eSAP) case study is used to illustrate our approach.

show abstract

Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems

Cited by 79 publications

References 16 publications

Using Security Attack Scenarios to Analyse Security During Information Systems Design

Using Security Attack Scenarios to Analyse Security During Information Systems Design

Using a Situational Method Engineering Approach to Identify Reusable Method Fragments from the Secure TROPOS Methodology.

Enhancing Secure Tropos to Effectively Deal with Security Requirements in the Development of Multiagent Systems

Contact Info

Product

Resources

About