期刊
DATA & KNOWLEDGE ENGINEERING
卷 98, 期 -, 页码 123-143出版社
ELSEVIER SCIENCE BV
DOI: 10.1016/j.datak.2015.07.007
关键词
Security requirements; Automated reasoning; Requirements models
资金
- European Union [257930, 256980]
Modem software systems operate within the context of larger socio-technical systems, wherein they interact by exchanging data and outsourcing tasks-with other technical components, humans, and organisations. When interacting, these components (actors) operate autonomously; as such, they may disclose confidential information without being authorised, wreck the integrity of private data, rely on untrusted third parties, etc. Thus, the design of a secure software system shall begin with a thorough analysis of its socio-technical context, thereby considering not only technical attacks, but also social and organisational ones. In this paper, we propose the STS approach for modelling and reasoning about security requirements. In STS, security requirements are specified, via the STS-ml requirements modelling language, as contracts that constrain the interactions among the actors in the socio-technical system. The requirements models of STS-ml have a formal semantics which enables automated reasoning for detecting possible conflicts among security requirements as well as conflicts between security requirements and actors' business policies. We apply STS to a case study about e-Government, and report on promising scalability results of our implementation. (C) 2015 Elsevier B.V. All rights reserved.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据