Abstract
Secure Tropos, an extension of the Tropos methodology, considers security requirements alongside functional requirements from the early stages of the system development process. The Secure Tropos language uses security concepts such as security constraint, secure goal, secure plan, secure resource, and threat to capture the security concepts from both social and organisational settings. These concepts are used to model and reason about security for a specific system context. This paper presents a CASE tool, called SecTro, which supports automated modelling and analysis of security requirements based on Secure Tropos. The tool's architecture, layout, and functionalities are demonstrated through a real-world example using the Secure Tropos concepts.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Pavlidis, M., Islam, S., Mouratidis, H. (2012). A CASE Tool to Support Automated Modelling and Analysis of Security Requirements, Based on Secure Tropos. In: Nurcan, S. (eds) IS Olympics: Information Systems in a Diverse World. CAiSE 2011. Lecture Notes in Business Information Processing, vol 107. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29749-6_7
DOI: https://doi.org/10.1007/978-3-642-29749-6_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29748-9
Online ISBN: 978-3-642-29749-6
eBook Packages: Computer Science, Computer Science (R0)