Using a situational method engineering approach to identify reusable method fragments from the secure TROPOS methodology

Situational method engineering (SME) has as a focus a repository of method fragments, gleaned from extant methodologies and best practice. Using one such example, the OPF (OPEN Process Framework) repository, we identify deficiencies in the current SME support for securityrelated issues in the context of agent-oriented software engineering. Specifically, theoretical proposals for the development of reusable security-related method fragments from the agent-oriented methodology Secure Tropos are discussed. Since the OPF repository has already been enhanced by fragments from Tropos and other non-security-focussed agent-oriented software development methodologies, the only method fragments from Secure Tropos not already contained in this repository are those that are specifically security-related. These are identified, clearly defined and recommended for inclusion in the current OPF repository of method fragments. ©JOT 2010

Within-person configurations and temporal relations of personal and perceived parent-promoted life goals to school correlates among adolescents

Cataloged from PDF version of article.Grounded in self-determination theory, this longitudinal study examined the academic correlates of middle and high school students' (N = 923; 33.4% male) intrinsic and extrinsic aspirations (i.e., life goals) and the type of aspirations that they perceive their parents to promote to them. Person-centered analysis revealed 3 meaningful groups: a relatively high intrinsic aspiration group, a relatively moderate intrinsic aspiration group, and a relatively high-intrinsic and high-extrinsic aspiration group. Tukey post hoc comparisons indicated that students in the high intrinsic aspiration group scored higher on mastery-approach goals, effort regulation, and grades than students in the other 2 groups and lower on performance-approach goals and test anxiety than students in the high-high aspiration group. A match between learners' own aspiration profile and the perceived parent-promoted aspiration profile did not alter these between-group differences. Further, intrapersonal fluctuations of intrinsic aspirations covaried with mastery-approach goals over a 1-year time interval, while extrinsic aspirations covaried with performance-approach goals and test anxiety in the same period; none of these within-person associations were consistently moderated by between-student differences in perceived parental aspiration promotion. Instead, perceived parent-promoted intrinsic and extrinsic aspirations were, respectively, positive and negative predictors of between-student differences in positive school functioning. The present results highlight the importance of endorsing and promoting intrinsic aspirations for school adjustment. © 2013 American Psychological Association

Ontology-Based Support for Security Requirements Specification Process

The security requirements specification (SRS) is an integral aspect of the development of secured information systems and entails the formal documentation of the security needs of a system in a correct and consistent way. However, in many cases there is lack of sufficiently experienced security experts or security requirements (SR) engineer within an organization, which limits the quality of SR that are specified. This paper presents an approach that leverages ontologies and requirements boilerplates in order to alleviate the effect of lack of highly experienced personnel for SRS. It also offers a credible starting point for the SRS process. A preliminary evaluation of the tool prototype – ReqSec tool - was used to demonstrate the approach and to confirm its usability to support the SRS process. The tool helps to reduce the amount of effort required, stimulate discovery of latent security threats, and enables the specification of good quality SR

Evaluating cloud deployment scenarios based on security and privacy requirements

Migrating organisational services, data and application on the Cloud is an important strategic decision for organisations due to the large number of benefits introduced by the usage of cloud computing, such as cost reduction and on demand resources. Despite, however, of the many benefits, there are challenges and risks for cloud adaption related to (amongst others) data leakage, insecure APIs, and shared technology vulnerabilities. These challenges need to be understood and analysed in the context of an organisation relevant cloud computing deployment models. Although, the literature provides a large number of references to works that consider cloud computing security issues, no work has been provided, to our knowledge, which supports the elicitation of security and privacy requirements and the selection of an appropriate cloud deployment model based on such requirements. This work contributes towards this gap. In particular, we propose a requirements engineering framework to support the elicitation of security and privacy requirements and the selection of an appropriate deployment model based on the elicited requirements. Our framework provides a modelling language that builds on concepts from requirements, security, privacy and cloud engineering and a systematic process. We use a real case study, based on the Greek National Gazette, to demonstrate the applicability of our work

Security challenges of small cell as a service in virtualized mobile edge computing environments

Research on next-generation 5G wireless networks is currently attracting a lot of attention in both academia and industry. While 5G development and standardization activities are still at their early stage, it is widely acknowledged that 5G systems are going to extensively rely on dense small cell deployments, which would exploit infrastructure and network functions virtualization (NFV), and push the network intelligence towards network edges by embracing the concept of mobile edge computing (MEC). As security will be a fundamental enabling factor of small cell as a service (SCaaS) in 5G networks, we present the most prominent threats and vulnerabilities against a broad range of targets. As far as the related work is concerned, to the best of our knowledge, this paper is the first to investigate security challenges at the intersection of SCaaS, NFV, and MEC. It is also the first paper that proposes a set of criteria to facilitate a clear and effective taxonomy of security challenges of main elements of 5G networks. Our analysis can serve as a staring point towards the development of appropriate 5G security solutions. These will have crucial effect on legal and regulatory frameworks as well as on decisions of businesses, governments, and end-users

A survey of security issue in multi-agent systems

Multi-agent systems have attracted the attention of researchers because of agents' automatic, pro-active, and dynamic problem solving behaviors. Consequently, there has been a rapid development in agent technology which has enabled us to provide or receive useful and convenient services in a variety of areas such as banking, transportation, e-business, and healthcare. In many of these services, it is, however, necessary that security is guaranteed. Unless we guarantee the security services based on agent-based systems, these services will face significant deployment problems. In this paper, we survey existing work related to security in multi-agent systems, especially focused on access control and trust/reputation, and then present our analyses. We also present existing problems and discuss future research challenges. © Springer Science+Business Media B.V 2011