Part of the book series: Lecture Notes in Computer Science (LNISA, volume 3477)
Abstract
When we model and analyze trust in organizations or information systems we have to take into account two different levels of analysis: social and individual. Social levels define the structure of organizations, whereas individual levels focus on individual agents. This is particularly important when capturing security requirements where a “normally” trusted organizational role can be played by an untrusted individual.
Our goal is to model and analyze the two levels, finding the link between them and supporting the automatic detection of conflicts that can come up when agents play roles in the organization. We also propose a formal framework that uses Datalog to allow for the automatic verification of security requirements between the two levels and that has been implemented in a CASE tool.
This work has been partially funded by the IST programme of the EU Commission, FET under the IST-2001-37004 WASP project, by the FIRB programme of MIUR under the RBNE0195K5 ASTRO Project and by PAT MOSTRO project.
Author information
Authors and Affiliations
Department of Information and Communication Technology, University of Trento, Italy
Paolo Giorgini, Fabio Massacci, John Mylopoulos & Nicola Zannone
Department of Computer Science, University of Toronto, Canada
John Mylopoulos
Editor information
Editors and Affiliations
Department of Telematics, Norwegian University of Science and Technology (NTNU), N-7491, Trondheim, Norway
Peter Herrmann
INRIA-Rocquencourt, Domaine de Voluceau, 78153, Le Chesnay, France
Valérie Issarny
Department of Computing, The Hong Kong Polytechnic University, HungHom, Kowloon, Hong Kong
Simon Shiu
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N. (2005). Modeling Social and Individual Trust in Requirements Engineering Methodologies. In: Herrmann, P., Issarny, V., Shiu, S. (eds) Trust Management. iTrust 2005. Lecture Notes in Computer Science, vol 3477. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11429760_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26042-4
Online ISBN: 978-3-540-32040-1
eBook Packages: Computer Science, Computer Science (R0)