{"title":"使用基于信任的概念建模安全性","authors":"Michalis Pavlidis, H. Mouratidis, Shareeful Islam","doi":"10.4018/jsse.2012040102","DOIUrl":null,"url":null,"abstract":"Security modelling and analysing not only require solving technical problems but also reasoning on the organization as a whole for the development of a secure system. Assumptions exist about trust relationships among actors within the system environment, which play an important role in modelling and analysing security. Such assumptions are critical and must be analysed systematically for ensuring the overall system security. In this paper, the authors introduce trust-based concepts to identify these trust assumptions, and integrate the trust concepts with security concepts for the development of secure software systems. For this purpose, Secure Tropos' security modelling activities are extended with trust modelling activities based on the trust-based concepts. The CASE tool SecTro was extended to include the notation of the trust-based concepts to support the methodology. Finally, a running example from the UK National Health Service NHS domain is used to demonstrate how trust can be used for security modelling.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"34 1","pages":"36-53"},"PeriodicalIF":0.0000,"publicationDate":"2012-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":"{\"title\":\"Modelling Security Using Trust Based Concepts\",\"authors\":\"Michalis Pavlidis, H. Mouratidis, Shareeful Islam\",\"doi\":\"10.4018/jsse.2012040102\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Security modelling and analysing not only require solving technical problems but also reasoning on the organization as a whole for the development of a secure system. Assumptions exist about trust relationships among actors within the system environment, which play an important role in modelling and analysing security. Such assumptions are critical and must be analysed systematically for ensuring the overall system security. In this paper, the authors introduce trust-based concepts to identify these trust assumptions, and integrate the trust concepts with security concepts for the development of secure software systems. For this purpose, Secure Tropos' security modelling activities are extended with trust modelling activities based on the trust-based concepts. The CASE tool SecTro was extended to include the notation of the trust-based concepts to support the methodology. Finally, a running example from the UK National Health Service NHS domain is used to demonstrate how trust can be used for security modelling.\",\"PeriodicalId\":89158,\"journal\":{\"name\":\"International journal of secure software engineering\",\"volume\":\"34 1\",\"pages\":\"36-53\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-04-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"20\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International journal of secure software engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4018/jsse.2012040102\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International journal of secure software engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/jsse.2012040102","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Security modelling and analysing not only require solving technical problems but also reasoning on the organization as a whole for the development of a secure system. Assumptions exist about trust relationships among actors within the system environment, which play an important role in modelling and analysing security. Such assumptions are critical and must be analysed systematically for ensuring the overall system security. In this paper, the authors introduce trust-based concepts to identify these trust assumptions, and integrate the trust concepts with security concepts for the development of secure software systems. For this purpose, Secure Tropos' security modelling activities are extended with trust modelling activities based on the trust-based concepts. The CASE tool SecTro was extended to include the notation of the trust-based concepts to support the methodology. Finally, a running example from the UK National Health Service NHS domain is used to demonstrate how trust can be used for security modelling.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
