Requirement Engineering for Trust Management: Model, Methodology, Reasoning

Presentation transcript:

Requirement Engineering for Trust Management: Model, Methodology, Reasoning
P. Giorgini, F. Massacci, J. Mylopoulos, N. Zannone, “Requirements Engineering for Trust Management: Model, Methodology, and Reasoning”, International Journal of Information Security 5:4, pp , October
Presented by: Ramya Porumamilla

Summary
Proposes an enhancement to Tropos by:
* Separating actors, tasks, resources and social dependencies.
* Defining the trust relationship between the actors.
* Creating a functional relationship model.
Existing Tropos methodology: Depender → Dependum → Dependee
Provides a formal framework for modeling and analysing security and trust requirements.

Proposed Solution
Introduces a trust relationship model to Tropos - Trust, delegation, offer and ownership
Methodology:
1. Design a trust model among the actors of the system.
2. Identify who owns goals, tasks, or resources and who is able to fulfill goals, execute tasks or deliver resources.
3. Define functional dependencies and delegations of goals among agents, building a functional model.
Finally, supports automatic verification of security requirements and trust relationships using a formal modeling language.
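The kind of automatic check the methodology aims at, as an added example that is not taken from the paper or from these slides: Datalog-style facts for ownership, trust and delegation are closed under transitivity, and every delegation chain starting at an owner must be matched by a trust chain. The rule set is a simplified assumption, not the paper's axioms, and the actors and the service are constructed sample data.

```python
# Added illustration: Datalog-style rules evaluated by naive fixpoint iteration.
# Facts are (from_actor, to_actor, service) triples; all names are constructed.
OWNS = {("Patient", "medical_record")}
TRUST = {
    ("Patient", "Hospital", "medical_record"),
    ("Hospital", "Clinician", "medical_record"),
}
DELEGATE = {
    ("Patient", "Hospital", "medical_record"),
    ("Hospital", "Clinician", "medical_record"),
    ("Clinician", "Insurer", "medical_record"),
}


def closure(edges):
    """Least fixpoint of the rule r(A, C, S) :- r(A, B, S), r(B, C, S)."""
    facts = set(edges)
    while True:
        derived = {
            (a, c, s)
            for (a, b, s) in facts
            for (b2, c, s2) in facts
            if b == b2 and s == s2
        }
        if derived <= facts:
            return facts
        facts |= derived


def untrusted_delegations(owns, trust, delegate):
    """Return (owner, holder, service) triples where a delegation chain
    starting at the owner reaches `holder` but no trust chain does."""
    trust_chain = closure(trust)
    delegation_chain = closure(delegate)
    return sorted(
        (owner, holder, service)
        for (owner, service) in owns
        for (src, holder, s) in delegation_chain
        if src == owner and s == service
        and (owner, holder, service) not in trust_chain
    )


if __name__ == "__main__":
    for owner, holder, service in untrusted_delegations(OWNS, TRUST, DELEGATE):
        print(f"{holder} holds {service} without a trust chain from {owner}")
```

In the sample model the functional model lets the record reach Insurer, while the trust model stops at Clinician, so the check reports that one mismatch between the two models.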

Appreciation
* The proposed solution introduces a trust relationship model to Tropos - Trust, delegation, offer and ownership
* Provides a way to abstract trust and functional models using diagrams – good Visual Language
* Allows automatic verification of the security requirements and trust relationships using a formal modelling language – Datalog.
* Applications in Medical, Banking and other large applications which require a high level of security
* Offers a formal modelling of the entire system including its working environment.

Critical Comment (1)
* The proposed methodology is feasible only for large-scale applications which deal with sensitive information, like Medical and Banking applications.
* Usability of the Visual Language (diagrams) is not verified in this paper.
  - No evaluations using formal Visual Language frameworks, e.g. Cognitive Dimensions: abstraction gradient, consistency, diffuseness, error-proneness, premature commitment and visibility.

Critical Comment (2)
* The automatic verification of security requirements using a formal modelling language is not clearly explained and evaluated.
* Feasibility of such a system is still debatable.

Conclusions
Existing Tropos methodology: Depender → Dependum → Dependee
The paper proposes an enhancement to Tropos by:
* Separating actors, tasks, resources and social dependencies.
* Defining the trust relationship between the actors.
* Creating a functional relationship model.
Provides a formal framework for modeling and analysing security and trust requirements.
However, formal usability studies are required to evaluate the usefulness of this system.

Question
Can this system be extended so that it can be used as a Visual Language tool?
Automatic generation of the formal modelling language from the security and trust relationship diagrams as shown: