Enhancing Secure Tropos to Effectively Deal with Security Requirements in the Development of Multiagent Systems

  • H. Mouratidis
  • P. Giorgini
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4324)


The consideration of security requirements in the development of multi-agent systems is a very difficult task. However, only a few approaches have been proposed that try to integrate security issues as an internal part of the development process. Amongst them, secure Tropos has been proposed as a structured approach towards the consideration of security issues in the development of multiagent systems. In this paper we enhance secure Tropos by integrating into its stages: (i) a process for selecting amongst alternative architectural styles using the security requirements of the system as criteria; (ii) a pattern-based approach to transform security requirements into design; and (iii) a security attack scenarios approach to test the developed solution. The electronic single assessment process (eSAP) case study is used to illustrate our approach.


Multiagent System; Security Requirement; Architectural Style; Pattern Language; Secure Goal
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • H. Mouratidis (1)
  • P. Giorgini (2)
  1. School of Computing and Technology, University of East London, England
  2. Department of Information and Communication Technology, University of Trento, Italy
