Managing Security Requirements Conflicts in Socio-Technical Systems

  • Conference paper
Conceptual Modeling (ER 2013)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 8217)

Abstract

Requirements are inherently prone to conflicts, for they originate from stakeholders with different, often opposite, needs. Security requirements are no exception. Importantly, their violation leads to severe effects, including privacy infringement, legal sanctions, and exposure to security attacks. Today’s systems are Socio-Technical Systems (STSs): they consist of autonomous participants (humans, organisations, software) that interact to get things done. In STSs, security is not just a technical challenge; it must also take the social components of STSs into account. We have previously proposed STS-ml, a security requirements modelling language for STSs that expresses security requirements as contractual constraints over the interactions among STS participants. In this paper, we build on top of STS-ml and propose a framework that, via automated reasoning techniques, supports the identification and management of conflicts in security requirements models. We apply our framework to a case study about e-Government, and report on promising scalability results of our implementation.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Paja, E., Dalpiaz, F., Giorgini, P. (2013). Managing Security Requirements Conflicts in Socio-Technical Systems. In: Ng, W., Storey, V.C., Trujillo, J.C. (eds) Conceptual Modeling. ER 2013. Lecture Notes in Computer Science, vol 8217. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41924-9_23

  • DOI: https://doi.org/10.1007/978-3-642-41924-9_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41923-2

  • Online ISBN: 978-3-642-41924-9

  • eBook Packages: Computer Science (R0)
