{"title":"通过承诺进行安全需求工程","authors":"F. Dalpiaz, E. Paja, P. Giorgini","doi":"10.1109/STAST.2011.6059249","DOIUrl":null,"url":null,"abstract":"Security Requirements Engineering (SRE) is concerned with the elicitation of security needs and the specification of security requirements of the system-to-be. Current approaches to SRE either express stakeholders' needs via high-level organisational abstractions that are hard to map to system design, or specify only technical security requirements. In this paper, we introduce SecCo, an SRE framework that starts with goal-oriented modelling of the security needs and derives security requirements from such needs. Importantly, SecCo relates security requirements to the interaction among actors. Security requirements are specified as social commitments — promises with contractual validity from one actor to another — that define constraints on the way actors can interact. These commitments shall be implemented by the system-to-be.","PeriodicalId":293851,"journal":{"name":"2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST)","volume":"36 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"49","resultStr":"{\"title\":\"Security requirements engineering via commitments\",\"authors\":\"F. Dalpiaz, E. Paja, P. Giorgini\",\"doi\":\"10.1109/STAST.2011.6059249\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Security Requirements Engineering (SRE) is concerned with the elicitation of security needs and the specification of security requirements of the system-to-be. Current approaches to SRE either express stakeholders' needs via high-level organisational abstractions that are hard to map to system design, or specify only technical security requirements. In this paper, we introduce SecCo, an SRE framework that starts with goal-oriented modelling of the security needs and derives security requirements from such needs. Importantly, SecCo relates security requirements to the interaction among actors. Security requirements are specified as social commitments — promises with contractual validity from one actor to another — that define constraints on the way actors can interact. These commitments shall be implemented by the system-to-be.\",\"PeriodicalId\":293851,\"journal\":{\"name\":\"2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST)\",\"volume\":\"36 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-11-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"49\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/STAST.2011.6059249\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/STAST.2011.6059249","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Security Requirements Engineering (SRE) is concerned with the elicitation of security needs and the specification of security requirements of the system-to-be. Current approaches to SRE either express stakeholders' needs via high-level organisational abstractions that are hard to map to system design, or specify only technical security requirements. In this paper, we introduce SecCo, an SRE framework that starts with goal-oriented modelling of the security needs and derives security requirements from such needs. Importantly, SecCo relates security requirements to the interaction among actors. Security requirements are specified as social commitments — promises with contractual validity from one actor to another — that define constraints on the way actors can interact. These commitments shall be implemented by the system-to-be.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
