Privacy-Aware Trust Negotiation

  • Ruben Rios
  • Carmen Fernandez-Gago
  • Javier Lopez
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9871)


Software engineering and information security have traditionally followed divergent paths, but lately some efforts have been made to consider security from the early phases of the Software Development Life Cycle (SDLC). This paper follows this line and concentrates on the incorporation of trust negotiations during the requirements engineering phase. More precisely, we provide an extension to the SI* modelling language, which is further formalised using Answer Set Programming specifications to support the automatic verification of the model and the detection of privacy conflicts caused by trust negotiations.


Secure software engineering; Requirements engineering; Goal-oriented modelling; Privacy; Trust



This work has been partially funded by the European Commission through the Marie Curie Training Network NeCS (H2020-MSCA-ITN-2015-675320), the Spanish Ministry of Economy and Competitiveness through PERSIST (TIN2013-41739-R) and PRECISE (TIN2014-54427-JIN), which is co-financed by FEDER.



Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Ruben Rios (1)
  • Carmen Fernandez-Gago (1)
  • Javier Lopez (1)
  1. Network, Information and Computer Security (NICS) Lab, University of Malaga, Málaga, Spain
