Analysing Security Requirements of Information Systems using Tropos

Security is an important issue when developing complex information systems, however very little work has been done in integrating security concerns during the analysis of information systems. Current methodologies fail to adequately integrate security and systems engineering, basically because they lack concepts and models as well as a systematic approach towards security. We believe that security should be considered during the whole development process and it should be defined together with the requirements specification. This paper introduces extensions to the Tropos methodology to accommodate security. A description of new concepts is given along with an explanation of how these concepts are integrated to the current stages of Tropos. The above is illustrated using an agent-based health and social care information system as a case study

Modelling Requirements for Content Recommendation Systems

This paper addresses the modelling of requirements for a content Recommendation System (RS) for Online Social Networks (OSNs). On OSNs, a user switches roles constantly between content generator and content receiver. The goals and softgoals are different when the user is generating a post, as opposed as replying to a post. In other words, the user is generating instances of different entities, depending on the role she has: a generator generates instances of a "post", while the receiver generates instances of a "reply". Therefore, we believe that when addressing Requirements Engineering (RE) for RS, it is necessary to distinguish these roles clearly. We aim to model an essential dynamic on OSN, namely that when a user creates (posts) content, other users can ignore that content, or themselves start generating new content in reply, or react to the initial posting. This dynamic is key to designing OSNs, because it influences how active users are, and how attractive the OSN is for existing, and to new users. We apply a well-known Goal Oriented RE (GORE) technique, namely i-star, and show that this language fails to capture this dynamic, and thus cannot be used alone to model the problem domain. Hence, in order to represent this dynamic, its relationships to other OSNs' requirements, and to capture all relevant information, we suggest using another modelling language, namely Petri Nets, on top of i-star for the modelling of the problem domain. We use Petri Nets because it is a tool that is used to simulate the dynamic and concurrent activities of a system and can be used by both practitioners and theoreticians.Comment: 28 pages, 7 figure

A Literature Survey of the Development Processes for Secure Software

Turvalise tarkvara arendusprotsessidel on tähtis roll turvalise tarkvara kavandamisel, aga erinevate arendusprotsessidel vahel on rakse valikut teha ilma nendevahelie võrdluseta. Veel enam peale arendusprotsessi rakendamist tuleb valida meetodid, mida kasutada selle arendusprotsessi rakendamisel. Meetodite valikul tekib aga probleem, sest arendusprotsessides ei ole öeldud, milliseid meetodeid tuleks kasutada, et täita vajalikud tegevused turvalise tarkvara arendamiseks. Selle töö raames me võrdleme kolme erinevat turvalise tarkvara arendusprotsessi: Microsoft Security Development Lifecycle, OWASP CLASP ja Cigital’s Security Touchpoints. Järgmisena me keskendume valitud arendusprotsesside faasile, mis käsitleb turvariskide haldust ja viime läbi uuringu, et teada saada, mis on tänapäevased turvariski meetodid. Me anname nendest meetoditest lühikokkuvõtte ja võrdleme neid omavahel, mis loodetavasti lihtustab nende vahel valimist. Me koostame veel leitud meetoditest ühise vaate, mis aitab kaasa kõigi arendusprotsesside poolt pakutud tegevuste täitmisele selle faasis. See on vajalik, sest riskihaldus mängib suurt rolli turvalise tarkvara arendamisel ja erinevate riskihaldus meetodite kombineerimist saab kasutada, et avastada rohkem riske loodavast tarkvarast ja hiljem neid riske korrektselt leevendada.Secure software development processes are critical part of designing secure software. However, it is hard for the various stakeholders to make the decision about which software development process to choose without a comparison between them. Even further, after choosing the process, stakeholders have to decide which methods and techniques to use to fulfil activities required to develop secure software development processes. This is a problem, because there are a number of methods a stakeholder could use to fulfil these activities, but no explicit links between a method and development process. In this thesis firstly we perform comparison of three secure system development approaches namely Microsoft Security Development Lifecycle, OWASP CLASP and Cigital’s Security Touchpoints. In the next step we focus on step within these approaches, namely the security risk management and carry out an analytical survey to find out current methods for security risk management. We give a short overview and comparison between found methods, which potentially will help stakeholders to select their approach for designing secure software with the focus on security risk analysis. We also provide them with opportunity to perform all activities required in risk analysis phase of the development by giving them an aggregate view of risk management methods. This is essential, because risk analysis is a major part of developing secure software and combining different techniques can be used to discover and mitigate more risks in software under development

Using a situational method engineering approach to identify reusable method fragments from the secure TROPOS methodology

Situational method engineering (SME) has as a focus a repository of method fragments, gleaned from extant methodologies and best practice. Using one such example, the OPF (OPEN Process Framework) repository, we identify deficiencies in the current SME support for securityrelated issues in the context of agent-oriented software engineering. Specifically, theoretical proposals for the development of reusable security-related method fragments from the agent-oriented methodology Secure Tropos are discussed. Since the OPF repository has already been enhanced by fragments from Tropos and other non-security-focussed agent-oriented software development methodologies, the only method fragments from Secure Tropos not already contained in this repository are those that are specifically security-related. These are identified, clearly defined and recommended for inclusion in the current OPF repository of method fragments. ©JOT 2010

A Literature Survey of the Development Processes for Secure Software

Turvalise tarkvara arendusprotsessidel on tähtis roll turvalise tarkvara kavandamisel, aga erinevate arendusprotsessidel vahel on rakse valikut teha ilma nendevahelise võrdluseta. Veel enam peale arendusprotsessi rakendamist tuleb valida meetodid, mida kasutada selle arendusprotsessi rakendamisel. Meetodite valikul tekib aga probleem, sest arendusprotsessides ei ole öeldud, milliseid meetodeid tuleks kasutada, et täita vajalikud tegevused turvalise tarkvara arendamiseks. Selle töö raames me võrdleme kolme erinevat turvalise tarkvara arendusprotsessi: Microsoft Security Development Lifecycle, OWASP CLASP ja Cigital’s Security Touchpoints. Järgmisena me keskendume valitud arendusprotsesside faasile, mis käsitleb turvariskide haldust ja viime läbi uuringu, et teada saada, mis on tänapäevased turvariski meetodid. Me anname nendest meetoditest lühikokkuvõtte ja võrdleme neid omavahel, mis loodetavasti lihtsustab nende vahel valimist. Me koostame veel leitud meetoditest ühise vaate, mis aitab kaasa kõigi arendusprotsesside poolt pakutud tegevuste täitmisele selle faasis. See on vajalik, sest riskihaldus mängib suurt rolli turvalise tarkvara arendamisel ja erinevate riskihaldus meetodite kombineerimist saab kasutada, et avastada rohkem riske loodavast tarkvarast ja hiljem neid riske korrektselt leevendada.Secure software development processes are critical part of designing secure software. However, it is hard for the various stakeholders to make the decision about which software development process to choose without a comparison between them. Even further, after choosing the process, stakeholders have to decide which methods and techniques to use to fulfil activities required to develop secure software development processes. This is a problem, because there are a number of methods a stakeholder could use to fulfil these activities, but no explicit links between a method and development process. In this thesis firstly we perform comparison of three secure system development approaches namely Microsoft Security Development Lifecycle, OWASP CLASP and Cigital’s Security Touchpoints. In the next step we focus on step within these approaches, namely the security risk management and carry out an analytical survey to find out current methods for security risk management. We give a short overview and comparison between found methods, which potentially will help stakeholders to select their approach for designing secure software with the focus on security risk analysis. We also provide them with opportunity to perform all activities required in risk analysis phase of the development by giving them an aggregate view of risk management methods. This is essential, because risk analysis is a major part of developing secure software and combining different techniques can be used to discover and mitigate more risks in software under development