Abstract
When we model and analyze trust in organizations or information systems we have to take into account two different levels of analysis: social and individual. Social levels define the structure of organizations, whereas individual levels focus on individual agents. This is particularly important when capturing security requirements where a “normally” trusted organizational role can be played by an untrusted individual.
Our goal is to model and analyze the two levels finding the link between them and supporting the automatic detection of conflicts that can come up when agents play roles in the organization. We also propose a formal framework that allows for the automatic verification of security requirements between the two levels by using Datalog and has been implemented in CASE tool.
This work has been partially funded by the IST programme of the EU Commission, FET under the IST-2001-37004 WASP project, by the FIRB programme of MIUR under the RBNE0195K5 ASTRO Project and by PAT MOSTRO project.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bresciani, P., Giorgini, P., Giunchiglia, F., Mylopoulos, J., Perini, A.: TROPOS: An Agent-Oriented Software Development Methodology. JAAMAS 8(3), 203–236 (2004)
Castelfranchi, C., Falcone, R.: Principles of trust for MAS: Cognitive anatomy, social importance and quantification. In: Proc. of ICMAS 1998, pp. 72–79. IEEE Press, Los Alamitos (1998)
den Braber, F., Dimitrakos, T., Gran, B.A., Lund, M.S., Stølen, K., Aagedal, J.Ø.: The CORAS methodology: model-based risk assessment using UML and UP. In: UML and the unified process, pp. 332–357. Idea Group Publishing, USA (2003)
Doan, T., Demurjian, S., Ting, T.C., Ketterl, A.: MAC and UML for secure software design. In: Proc. of FMSE 2004, pp. 75–85. ACM Press, New York (2004)
Giorgini, P., Massacci, F., Mylopoulous, J., Zannone, N.: Requirements Engineering meets Trust Management: Model, Methodology, and Reasoning. In: Jensen, C., Poslad, S., Dimitrakos, T. (eds.) iTrust 2004. LNCS, vol. 2995, pp. 176–190. Springer, Heidelberg (2004)
Guessoum, Z., Ziane, M., Faci, N.: Monitoring and Organizational-Level Adaptation of Multi-Agent Systems. In: Proc. of AAMAS 2004, pp. 514–521. ACM Press, New York (2004)
Hannoun, M., Sichman, J.S., Boissier, O., Sayettat, C.: Dependence Relations between Roles in a Multi-Agent System: Towards the Detection of Inconsistencies in Organization. In: Sichman, J.S., Conte, R., Gilbert, N. (eds.) MABS 1998. LNCS (LNAI), vol. 1534, pp. 169–182. Springer, Heidelberg (1998)
Huynh, D., Jennings, N.R., Shadbolt, N.R.: Developing an Integrated Trust and Reputation Model for Open Multi-Agent Systems. In: Proc. of 7th Int. Workshop on Trust in Agent Societies, pp. 65–74 (2004)
Jajodia, S., Samarati, P., Sapino, M.L., Subrahmanian, V.S.: Flexible support for multiple access control policies. TODS 26(2), 214–260 (2001)
Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2004)
Kaminka, G.A., Pynadath, D.V., Tambe, M.: Monitoring Teams by Overhearing: A Multi-Agent Plan-Recognition Approach. JAIR 17, 83–135 (2002)
Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 426–441. Springer, Heidelberg (2002)
Massacci, F., Prest, M., Zannone, N.: Using a Security Requirements Engineering Methodology in Practice: The compliance with the Italian Data Protection Legislation. In: Comp. Standards & Interfaces (2005); To Appear. An extended version is available as Technical report DIT-04-103 at, http://eprints.biblio.unitn.it
McDermott, J., Fox, C.: Using Abuse Case Models for Security Requirements Analysis. In: Proc. of ACSAC 1999, pp. 55–66. IEEE Press, Los Alamitos (1999)
Ponemon, L.: What Keeps Security Professionals Up At Night? (April 2003), http://www.darwinmag.com/read/040103/threats.html
Ray, I., Li, N., France, R., Kim, D.-K.: Using UML to visualize role-based access control constraints. In: Proc. of SACMAT 2004, pp. 115–124. ACM Press, New York (2004)
Sichman, J.S., Conte, R.: On personal and role mental attitudes: A preliminary dependence-based analysis. In: de Oliveira, F.M. (ed.) SBIA 1998. LNCS (LNAI), vol. 1515, pp. 1–10. Springer, Heidelberg (1998)
Sindre, G., Opdahl, A.L.: Eliciting Security Requirements by Misuse Cases. In: Proc. of TOOLS Pacific 2000, pp. 120–131. IEEE Press, Los Alamitos (2000)
van Lamsweerde, A., Brohez, S., De Landtsheer, R., Janssens, D.: From System Goals to Intruder Anti-Goals: Attack Generation and Resolution for Security Requirements Engineering. In: Proc. of RHAS 2003, pp. 49–56 (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N. (2005). Modeling Social and Individual Trust in Requirements Engineering Methodologies. In: Herrmann, P., Issarny, V., Shiu, S. (eds) Trust Management. iTrust 2005. Lecture Notes in Computer Science, vol 3477. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11429760_12
Download citation
DOI: https://doi.org/10.1007/11429760_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26042-4
Online ISBN: 978-3-540-32040-1
eBook Packages: Computer ScienceComputer Science (R0)