Security

Secure Tropos

Secure Tropos extends Tropos in order to model and analyze security requirements alongside functional requirements. The methodology provides a requirements analysis process that drives system designers from the acquisition of requirements up to their verification. Two versions of Secure Tropos exist.

  • based on the SI* conceptual modeling language, which extends Eric Yu's i* language. The common concepts of actor, goal, task, and resource are augmented with a set of security-related concepts [website]
  • extends the Tropos language as well as its development process. The language extension consists of redefining existing concepts with security in mind as well as introducing new concepts (security constraints, secure goal, secure plan, ...) [website]



The Socio-Technical Security modeling language

The observation that security has to be considered at the socio-technical level, i.e., that systems are part of a broader socio-technical system, along with other systems as well as social actors, led to the development of the Socio-Technical Security modeling language (STS-ml). This language, which belongs to the family of i*/Tropos based approaches, provides a rich language for the specification of security requirements in socio-technical systems. STS-ml is supported by a fully-fledged modeling and analysis tool called STS-Tool [website]  

AuthorsTitlePlace publishedYear publishedsort icon
P. Giorgini; G. Manson; H. Mouratidis; I. PhilpA Natural Extension of Tropos Methodology for Modelling Security.Workshop on Agent-oriented methodologies, at OOPSLA 20022002DownloadDetails
P. Giorgini; G. Manson; H. Mouratidis; I. PhilpModelling an agent-based integrated health and social care information system for older people.International Workshop on Agents Applied in Health Care (2002)2002Details
P. Giorgini; G. Manson; H. Mouratidis; I. PhilpUsing Tropos Methodology to Model and integrated Health Assessment System.Fourth International Bi-Conference Workshop on Agent-Oriented Information systems (AOIS-02)2002Details
P. Giorgini; G. Manson; H. MouratidisModelling Secure Multiagent Systems.2nd International Joint Conference on Autonomous Agents and Multiagent Systems (2003)2003DownloadDetails
P. Giorgini; G. Manson; H. MouratidisIntegrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems.15th Conference On Advanced Information Systems Engineering (CAiSE*03)2003Details
P. Giorgini; G. Manson; H. MouratidisOn Security Requirements Analysis for Multi-Agent Systems.2nd International Workshop on Software Engineering for Large-Scale Multi-Agent Systems SELMAS 2003 in conjunction with the 25th International Conference on Software Engineering (ICSE 2003)2003DownloadDetails
A. Gani; P. Giorgini; G. Manson; H. MouratidisAnalysing Security Requirements of Information Systems Using Tropos.International Conference on Enterprise Information Systems2003Details
P. Giorgini; H. Mouratidis; M. WeissIntegrating Patterns and Agent-Oriented Methodologies to Provide Better Solutions for the Development of Secure Agent Systems.Workshop on Expressiveness of Pattern Languages 2003, at ChiliPLoP (2003)2003DownloadDetails
Giorgini, P.; Massacci, F.; Mylopoulos, J.Requirement Engineering meets Security: A Case Study on Modelling Secure Electronic Transactions by VISA and Mastercard22nd International Conference on Conceptual Modeling (ER 2003)2003Details
P. Giorgini; H. Mouratidis; M. SchumacherSecurity Patterns for Agent Systems.Eighth European Conference on Pattern Languages of Programs (2003)2003DownloadDetails
P. Giorgini; G. Manson; H. MouratidisAn Ontology for Modelling Security: The Tropos Approach.KES 2003 Invited Session Ontology and Multi-Agent Systems Design (OMASD'03)2003DownloadDetails
P. Giorgini; F. Massacci; J. Mylopoulos; N. ZannoneFilling the gap between Requirements Engineering and Public Key/Trust Management Infrastructures.1st European PKI Workshop: Research and Applications (1st EuroPKI)2004DownloadDetails
P. Giorgini; F. Massacci; J. Mylopoulos; N. ZannoneRequirements Engineering meets Trust Management: Model, Methodology, and Reasoning.Second International Conference on Trust Management (iTrust 2004)2004DownloadDetails
P. Giorgini; G. Manson; H. MouratidisUsing Security Attack Scenarios to Analyse Security During Information Systems Design.6th International Conference on Enterprise Information Systems (2004)2004Details
P. Giorgini; H. MouratidisAnalysing Security in Information Systems.Second International Workshop on Security In Information Systems (WOSIS-2004)2004Details
P. Giorgini; G. Manson; H. MouratidisTowards the Development of Secure Information Systems: Security Reference Diagrams and Security Attack Scenarios.16th Conference On Advanced Information Systems Engineering (CAiSE*04)2004Details
P. Bresciani; P. Giorgini; G. Manson; H. MouratidisMulti-Agent Systems and Security Requirements Analysis.Software Engineering for Multi-Agent Systems II2004DownloadDetails
P. Giorgini; F. Massacci; J. Mylopoulos; N. ZannoneModeling Security Requirements Through Ownership, Permission and Delegation.13th IEEE International Requirements Engineering Conference (RE'05)2005DownloadDetails
P. Giorgini; H. Mouratidis; M. WeissSecurity patterns meet agent oriented software engineering: a complementary solution for developing security information systems.24th International Conference on Conceptual Modelling (ER'05)2005Details
P. Giorgini; G. Manson; H. MouratidisWhen Security Meets Software Engineering: A Case of Modeling Secure Information Systems.Information System (2005)2005DownloadDetails
P. Giorgini; H. Mouratidis; M. WeissModeling Secure Systems Using An Agent-Oriented Approach and Security Patterns.International Journal of Software Engineering and Knowledge Engineering (IJSEKE)2005Details
P. Giorgini; H. MouratidisSecure Tropos: A Security-Oriented Extension of the Tropos Methodology.Journal of Autonomous Agents and Mult-Agent Systems2005Details
P. Giorgini; F. Massacci; J. Mylopoulos; A. Siena; N. ZannoneST-Tool: A CASE Tool for Modeling and Analyzing Trust RequirementsThird International Conference on Trust Management (iTrust 2005)2005DownloadDetails
P. Giorgini; F. Massacci; N. ZannoneSecurity and Trust Requirements Engineering.Foundations of Security Analysis and Design III2005DownloadDetails
P. Giorgini; F. Massacci; J. Mylopoulos; N. ZannoneModeling Social and Individual Trust in Requirements Engineering Methodologies.Third International Conference on Trust Management (iTrust 2005)2005Details
Bryl, V.; Massacci, F.; Mylopoulos, J.; Zannone, N.Designing Security Requirements Models through Planning.18th Conference on Advanced Information Systems Engineering (CAiSE'06)2006DownloadDetails
Asnar, Y.; Giorgini, P.Modelling Risk and Identifying Countermeasure in Organizations.1st International Workshop on Critical Information Infrastructures Security (CRITIS '06)2006DownloadDetails
Bryl, V.; Dalpiaz, F.; Ferrario, R.; Mattioli, A.; Villafiorita, A.Evaluating Procedural Alternatives. A Case Study in E-Voting.1st International Conference on Methodologies, Technologies and Tools enabling e-Government (MeTTeG'07)2007DownloadDetails
Asnar, Y.; Giorgini, P.; Massacci, F.; Zannone, N.From Trust to Dependability through Risk Analysis.Second International Conference on Availability, Reliability and Security (AReS 2007)2007DownloadDetails
Bryl, V.; Dalpiaz, F.; Ferrario, R.; Mattioli, A.; Villafiorita, A.Evaluating Procedural Alternatives: a Case Study in e-Voting.Electronic Government, an International Journal2009DownloadDetails
V. E. Silva Souza; J. MylopoulosMonitoring and Diagnosing Malicious Attacks with Autonomic Software28th International Conference on Conceptual Modeling (ER 2009)2009Details
F. Dalpiaz and E. Paja and P. GiorginiSecurity Requirements Engineering for Service-Oriented ApplicationsProceedings of the Fifth International i* Workshop (istar'11)2011DownloadDetails
F. Dalpiaz and E. Paja and P. GiorginiSecurity Requirements Engineering via CommitmentsProceedings of the First Workshop on Socio-Technical Aspects in Security and Trust (STAST'11)2011DownloadDetails
E. Paja and F. Dalpiaz and M. Poggianella and P. Roberti and P. GiorginiModelling Security Requirements in Socio-Technical Systems with STS-ToolForum of the Conference on Advanced Information Systems Engineering2012DownloadDetails
E. Paja and F. Dalpiaz and M. Poggianella and P. Roberti and P. GiorginiSTS-Tool: Using Commitments to Specify Socio-Technical Security Requirements31st International Conference on Conceptual Modeling2012DownloadDetails
E. Paja and F. Dalpiaz and M. Poggianella and P. Roberti and P. GiorginiSTS-Tool: Socio-Technical Security Requirements through Social CommitmentsProceedings of the 20th International IEEE Conference on Requirements Engineering (RE'12)2012DownloadDetails
S. Troesterer and E. Beck and F. Dalpiaz and E. Paja and P. Giorgini and M. TscheligiFormative User-Centered Evaluation of Security Modeling: Results from a Case StudyInternational Journal of Secure Software Engineering2012DownloadDetails

 

Back to top