Enhancing Problem Frames with Trust and Reputation for Analyzing Smart Grid Security Requirements

  • Francisco MoyanoEmail author
  • Carmen Fernández-Gago
  • Kristian Beckers
  • Maritta Heisel
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8448)


Smart grids are expected to scale over millions of users and provide numerous services over geographically distributed entities. Moreover, smart grids are expected to contain controllable local systems (CLS) such as fridges or heaters that can be controlled using the network communication technology of the grid. Security solutions that prevent harm to the grid and to its stakeholders from CLS are essential. Moreover, traditional security approaches such as static access control systems cause a lot of administrative workload and are difficult to maintain in fast growing and changing systems. In contrast, trust management is a soft security mechanism that can reduce this workload significantly. Even though there is not any accepted definition of trust, it is agreed that it can improve decision-making processes under risk and uncertainty, improving in turn systems’ security. We use the problem frames notation to discuss requirements for a trust-based security solution concerning CLS.


Problem frames Model-driven engineering Security requirements engineering Trust Reputation UML4PF 


  1. 1.
    Moyano, F., Fernandez-Gago, C., Lopez, J.: A conceptual framework for trust models. In: Fischer-Hübner, S., Katsikas, S., Quirchmayr, G. (eds.) TrustBus 2012. LNCS, vol. 7449, pp. 93–104. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  2. 2.
    Kirtland, A., Schiff, A.: On a scale of 1 to 5: understanding risk improves rating and reputation systems (2008).
  3. 3.
    Rasmusson, L., Jansson, S.: Simulated social control for secure internet commerce. In: Proceedings of the 1996 Workshop on New Security Paradigms, NSPW ’96, pp. 18–25. ACM, New York (1996)Google Scholar
  4. 4.
    Roman, R., Zhou, J., Lopez, J.: On the features and challenges of security and privacy in distributed internet of things. Comput. Netw. 57, 2266–2279 (2013)CrossRefGoogle Scholar
  5. 5.
    European Commission: Restructuring in Europe 2011: restructuring and anticipation of change, what lessons from recent experience? (2012).
  6. 6.
    Jackson, M.: Problem Frames: Analyzing and Structuring Software Development Problems. Addison-Wesley, Boston (2001)Google Scholar
  7. 7.
    Massacci, F., Mylopoulos, J., Zannone, N.: Security requirements engineering: the SI* modeling language and the secure tropos methodology. In: Ras, Z.W., Tsay, L.-S. (eds.) Advances in Intelligent Information Systems. SCI, vol. 265, pp. 147–174. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  8. 8.
    van Lamsweerde, A.: Requirements Engineering: From System Goals to UML Models to Software Specifications, 1st edn. Wiley, Hoboken (2009)Google Scholar
  9. 9.
    Lund, M.S., Solhaug, B., Stølen, K.: Model-Driven Risk Analysis: The CORAS Approach, 1st edn. Springer, Heidelberg (2010)Google Scholar
  10. 10.
    UML Revision Task Force: OMG Object Constraint Language: Reference, February (2010)Google Scholar
  11. 11.
    Côté, I., Hatebur, D., Heisel, M., Schmidt, H.: UML4PF - a tool for problem-oriented requirements analysis. In: Proceedings of the International Conference on Requirements Engineering (RE), pp. 349–350. IEEE Computer Society (2011)Google Scholar
  12. 12.
    Côté, I.: A Systematic Approach to Software Evolution. Deutscher Wissenschafts-Verlag (DWV), Baden-Baden (2012)Google Scholar
  13. 13.
    Marsh, S.: Formalising Trust as a Computational Concept. Ph.D. thesis, University of Stirling (1994)Google Scholar
  14. 14.
    Jøsang, A., Ismail, R., Boyd, C.: A survey of trust and reputation systems for online service provision. Decis. Support Syst. 43(2), 618–644 (2007)CrossRefGoogle Scholar
  15. 15.
    Hatebur, D., Heisel, M.: A UML profile for requirements analysis of dependable software. In: Schoitsch, E. (ed.) SAFECOMP 2010. LNCS, vol. 6351, pp. 317–331. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  16. 16.
    Hatebur, D., Heisel, M., Schmidt, H.: A formal metamodel for problem frames. In: Czarnecki, K., Ober, I., Bruel, J.-M., Uhl, A., Völter, M. (eds.) MODELS 2008. LNCS, vol. 5301, pp. 68–82. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  17. 17.
    Jackson, M., Zave, P.: Deriving specifications from requirements: an example. In: Proceedings of the 17th International Conference on Software Engineering, Seattle, USA, pp. 15–24. ACM Press (1995)Google Scholar
  18. 18.
    Haley, C.B., Laney, R.C., Nuseibeh, B.: Deriving security requirements from crosscutting threat descriptions. In: Proceedings of the 3rd International Conference on Aspect-Oriented Software Development, AOSD ’04, pp. 112–121. ACM (2004)Google Scholar
  19. 19.
    Salifu, M., Yu, Y., Nuseibeh, B.: Specifying monitoring and switching problems in context. In: 15th IEEE International Requirements Engineering Conference, 2007, RE ’07, pp. 211–220 (2007)Google Scholar
  20. 20.
    Jürjens, J.: UMLsec: extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, p. 412. Springer, Heidelberg (2002) CrossRefGoogle Scholar
  21. 21.
    Lodderstedt, T., Basin, D., Doser, J.: SecureUML: a UML-based modeling language for model-driven security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, p. 426. Springer, Heidelberg (2002) CrossRefGoogle Scholar
  22. 22.
    Mouratidis, H., Giorgini, P.: Secure tropos: a security-oriented extension of the tropos methodology. Int. J. Softw. Eng. Knowl. Eng. 17(2), 285–309 (2007)CrossRefGoogle Scholar
  23. 23.
    van Lamsweerde, A., Letier, E.: Handling obstacles in goal-oriented requirements engineering. IEEE Trans. Softw. Eng. 26(10), 978–1005 (2000)CrossRefGoogle Scholar
  24. 24.
    Paci, F., Fernandez-Gago, C., Moyano, F.: Detecting insider threats: a trust-aware framework. In: 8th International Conference on Availability, Reliability and Security, Regensburg, Germany, Nov 2013, pp. 121–130. IEEE (2013)Google Scholar
  25. 25.
    Pavlidis, M., Mouratidis, H., Islam, S.: Modelling security using trust based concepts. IJSSE 3(2), 36–53 (2012)Google Scholar
  26. 26.
    BSI: Protection Profile for the Gateway of a Smart Metering System (Gateway PP). Version 01.01.01(final draft), Bundesamt für Sicherheit in der Informationstechnik (BSI) - Federal Office for Information Security Germany (2011)
  27. 27.
    ISO/IEC: Information technology - Security techniques - Information security management systems - Requirements. ISO/IEC 27001, International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) (2005)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Francisco Moyano
    • 1
    Email author
  • Carmen Fernández-Gago
    • 1
  • Kristian Beckers
    • 2
  • Maritta Heisel
    • 2
  1. 1.Network, Information and Computer Security LabUniversity of MalagaMalagaSpain
  2. 2.Paluno - The Ruhr Institute for Software TechnologyUniversity of Duisburg-EssenEssenGermany

Personalised recommendations