Abstract
Because an information system is used in different activities simultaneously today, we have to analyze usages of the system in the existing activities and to-be usages in an intended activity together. Especially, security aspects should be carefully analyzed because existing activities are not always secure. We propose a security requirements analysis method for resolving this problem. To take both existing and intended activities into account together, we integrate them on the basis of the unification of common actors. To explore possible attacks under integrated activities, we enumerate achievable attacks on the basis of the possible means in each actor with the help of security knowledge. To avoid or mitigate the attacks and to achieve fundamental goals, we disable some means or narrow down the means to be monitored with the help of propositional logic formulae. Through case studies on insurance business, we illustrated our idea.
Chapter PDF
References
Yu, E.S.K.: Towards modeling and reasoning support for early-phase requirements engineering. In: RE, pp. 226–235 (1997)
Yu, E., Giorgini, P., Maiden, N., Mylopoulos, J.: Social Modeling for Requirements Engineering. The MIT Press (2010) ISBN 0262240556
Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Modeling security requirements through ownership, permission and delegation. In: RE, pp. 167–176 (2005)
Mouratidis, H., Giorgini, P.: Secure tropos: a security-oriented extension of the tropos methodology. International Journal of Software Engineering and Knowledge Engineering 17(2), 285–309 (2007)
Sutcliffe, A.G.: Trust: From cognition to conceptual models and design. In: Martinez, F.H., Pohl, K. (eds.) CAiSE 2006. LNCS, vol. 4001, pp. 3–17. Springer, Heidelberg (2006)
Liu, L., Yu, E.S.K., Mylopoulos, J.: Security and privacy requirements analysis within a social setting. In: RE, pp. 151–161 (2003)
Liu, L., Yu, E.S.K., Mylopoulos, J.: Secure-i*: Engineering secure software systems through social analysis. Int. J. Software and Informatics 3(1), 89–120 (2009)
Bresciani, P., Perini, A., Giorgini, P., Giunchiglia, F., Mylopoulos, J.: Tropos: An agent-oriented software development methodology. Autonomous Agents and Multi-Agent Systems 8(3), 203–236 (2004)
Blaine, J.D., Cleland-Huang, J.: Software Quality Requirements: How to Balance Competing Priorities. IEEE Software 25(2), 22–24 (2008)
Kaiya, H., Morita, S., Ogata, S., Kaijiri, K., Hayashi, S., Saeki, M.: Model Transformation Patterns for Introducing Suitable Information Systems. In: 19th Asia Pacific Software Engineering Conference, APSEC 2012, Hong Kong, pp. 434–439. IEEE CS (December 2012)
Frank Swiderski and Window Snyder. Threat Modeling. Microsoft Press (2004)
Yu, E., Castro, J., Perini, A.: Strategic Actors Modeling with i*. In: RE 2008, Tutorial (August 2008)
Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: ACM Conference on Computer and Communications Security, pp. 627–638 (2011)
Shibaoka, M., Kaiya, H., Saeki, M.: Goore: Goal-oriented and ontology driven requirements elicitation method. In: ER Workshops, pp. 225–234 (2007)
Honiden, S., Tahara, Y., Yoshioka, N., Taguchi, K., Washizaki, H.: Top se: Educating superarchitects who can apply software engineering tools to practical development in japan. In: ICSE, pp. 708–718 (2007)
Kaiya, H., Morita, S., Kaijiri, K., Hayashi, S., Saeki, M.: Facilitating business improvement by information systems using model transformation and metrics. In: CAiSE Forum, pp. 106–113 (2012)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kaiya, H. et al. (2013). Goal-Oriented Security Requirements Analysis for a System Used in Several Different Activities. In: Franch, X., Soffer, P. (eds) Advanced Information Systems Engineering Workshops. CAiSE 2013. Lecture Notes in Business Information Processing, vol 148. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38490-5_43
Download citation
DOI: https://doi.org/10.1007/978-3-642-38490-5_43
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38489-9
Online ISBN: 978-3-642-38490-5
eBook Packages: Computer ScienceComputer Science (R0)