Security and Compliance
Security plays an important role in the development of software systems. However, a careful analysis of software development processes shows that the definition of security requirements is, usually, considered after the design of the system. This is, mainly, due to the fact that software engineering methodologies have not integrated security concerns throughout their developing stages. The common approach towards the inclusion of security within a system is to identify security requirements after the definition of a system. This approach has provoked the emergence of computer systems afflicted with security vulnerabilities. From the viewpoint of the traditional security paradigm, it should be possible to eliminate such problems through better integration of security and systems engineering.
Tropos offers a specific modelling and analysis framework to consider security concerns during all software development stages. Concepts like trust, ownership, and delegation are used along with the basic Tropos concepts of actor, goal, plan and social dependency. Tropos offers also a three layer framework to model and reason about risk. Finally, an extension of i* deals with normative requirements to verify compliance with law. In this page, you can find the current Tropos research work risk, security and norms.