211 research outputs found

    Using a situational method engineering approach to identify reusable method fragments from the secure TROPOS methodology

    Situational method engineering (SME) has as a focus a repository of method fragments, gleaned from extant methodologies and best practice. Using one such example, the OPF (OPEN Process Framework) repository, we identify deficiencies in the current SME support for security-related issues in the context of agent-oriented software engineering. Specifically, theoretical proposals for the development of reusable security-related method fragments from the agent-oriented methodology Secure Tropos are discussed. Since the OPF repository has already been enhanced by fragments from Tropos and other non-security-focussed agent-oriented software development methodologies, the only method fragments from Secure Tropos not already contained in this repository are those that are specifically security-related. These are identified, clearly defined and recommended for inclusion in the current OPF repository of method fragments. ©JOT 2010

    To Comply Software and IT System Development with Related Laws

    The growth of crimes and security breaches against the privacy of individuals' information and the information systems that maintain it has cost a huge amount of financial and other resources. Consequently, governments take serious actions toward approving protective legislation against cyber crimes, and it will be the duty of software developers to adopt policies and measures to ensure that their designed systems are compatible with existing laws and their amendments. Since information technology and legislation are two quite distinct sciences, the existence of a mechanism to do this adjustment and satisfy the security and legal requirements of a software system under design is essential. This paper presents a framework that will help IT professionals to extract security requirements from relevant rules and use them in the design of a system that is in accordance with those rules. It gives a brief discussion of the framework's methodology and the design of a simulating computer-aided system for this framework. It also reports the research progress and newly discovered conclusions

    Vulnerability prediction for secure healthcare supply chain service delivery

    Healthcare organisations are constantly facing sophisticated cyberattacks due to the sensitivity and criticality of patient health care information and wide connectivity of medical devices. Such attacks can pose potential disruptions to critical services delivery. There are a number of existing works that focus on using Machine Learning (ML) models for predicting vulnerability and exploitation, but most of these works focused on parameterized values to predict severity and exploitability. This paper proposes a novel method that uses ontology axioms to define essential concepts related to the overall healthcare ecosystem and to ensure semantic consistency checking among such concepts. The application of ontology enables the formal specification and description of the healthcare ecosystem and the key elements used in vulnerability assessment as a set of concepts. Such specification also strengthens the relationships that exist between healthcare-based and vulnerability assessment concepts, in addition to semantic definition and reasoning of the concepts. Our work also makes use of Machine Learning techniques to predict possible security vulnerabilities in health care supply chain services. The paper demonstrates the applicability of our work by using vulnerability datasets to predict the exploitation. The results show that the conceptualization of healthcare sector cybersecurity using an ontological approach provides mechanisms to better understand the correlation between the healthcare sector and the security domain, while the ML algorithms increase the accuracy of the vulnerability exploitability prediction. Our result shows that using Linear Regression, Decision Tree and Random Forest provided a reasonable result for predicting vulnerability exploitability

    Security analysis of mobile edge computing in virtualized small cell networks

    Based upon the context of Mobile Edge Computing (MEC) actual research and within the innovative scope of the SESAME EU-funded research project, we propose and assess a framework for security analysis applied in virtualised Small Cell Networks, with the aim of further extending MEC in the broader 5G environment. More specifically, by applying the fundamental concepts of the SESAME original architecture that aims at providing enhanced multi-tenant MEC services through Small Cells coordination and virtualization, we focus on a realistic 5G-oriented scenario enabling the provision of large multi-tenant enterprise services by using MEC. Then we evaluate several security issues by using a formal methodology, known as the Secure Tropos

    Enhancing secure Tropos to effectively deal with security requirements in the development of multiagent systems

    The consideration of security requirements in the development of multi-agent systems is a very difficult task. However, only a few approaches have been proposed that try to integrate security issues as an internal part of the development process. Amongst them, secure Tropos has been proposed as a structured approach towards the consideration of security issues in the development of multiagent systems. In this paper we enhance secure Tropos by integrating into its stages: (i) a process for selecting amongst alternative architectural styles using as criteria the security requirements of the system; (ii) a pattern-based approach to transform security requirements to design; and (iii) a security attack scenarios approach to test the developed solution. The electronic single assessment process (eSAP) case study is used to illustrate our approach

    Adapting Secure Tropos for Security Risk Management during Early Phases of the Information Systems Development

    Security is a major target for today’s information systems (IS) designers. Security modelling languages exist to reason on security in the early phases of IS development, when the most crucial design decisions are made. Reasoning on security involves analysing risk, and effectively communicating risk-related information. However, we think that current languages can be improved in this respect. In this paper, we discuss this issue for Secure Tropos, the language supporting the eponymous agent-based IS development. We analyse it and suggest improvements in the light of an existing reference model for IS security risk management. This allows for checking Secure Tropos concepts and terminology against those of current risk management standards, thereby improving the conceptual appropriateness of the language. The paper follows a running example, called eSAP, located in the healthcare domain

    Ontology-Based Support for Security Requirements Specification Process

    The security requirements specification (SRS) is an integral aspect of the development of secured information systems and entails the formal documentation of the security needs of a system in a correct and consistent way. However, in many cases there is a lack of sufficiently experienced security experts or security requirements (SR) engineers within an organization, which limits the quality of SR that are specified. This paper presents an approach that leverages ontologies and requirements boilerplates in order to alleviate the effect of the lack of highly experienced personnel for SRS. It also offers a credible starting point for the SRS process. A preliminary evaluation of the tool prototype – the ReqSec tool – was used to demonstrate the approach and to confirm its usability to support the SRS process. The tool helps to reduce the amount of effort required, stimulates discovery of latent security threats, and enables the specification of good quality SR