
Holistic security requirements analysis for socio-technical systems

Regular Paper, published in Software & Systems Modeling

Abstract

Security has been a growing concern for large organizations, especially financial and governmental institutions, as security breaches in the systems they depend on have repeatedly resulted in billions of dollars in losses per year, and this cost is on the rise. A primary reason for these breaches is that the systems in question are “socio-technical”: a mix of people, processes, technology, and infrastructure. However, such systems are designed in a piecemeal rather than a holistic fashion, leaving parts of the system vulnerable. To tackle this problem, we propose a three-layer security analysis framework consisting of a social layer (business processes, social actors), a software layer (software applications that support the social layer), and an infrastructure layer (physical and technological infrastructure). In our proposal, global security requirements lead to local security requirements, cutting across conceptual layers, and upper-layer security analysis influences analysis at lower layers. Moreover, we propose a set of analytical methods and a systematic process that together drive security requirements analysis across the three layers. To support analysis, we have defined corresponding inference rules that (semi-)automate the analysis, helping to deal with system complexity. A prototype tool has been implemented to support analysts throughout the analysis process. Moreover, we have performed a case study on a real-world smart grid scenario to validate our approach.



Notes

  1. A full version, http://disi.unitn.it/~li/SoSyM/exhaustive_refine.pdf.

  2. http://www.omnigroup.com/omnigraffle.

  3. http://www.dlvsystem.com/.

  4. The full model can also be found here, http://disi.unitn.it/~li/SoSyM/model_rtp.pdf.

  5. A more viewable version of the model can be found here, http://disi.unitn.it/~li/SoSyM/hsgm.pdf.


Acknowledgments

Trento authors are supported by the ERC advanced Grant 267856, titled “Lucretius: Foundations for Software Evolution”. Jennifer Horkoff is supported by an ERC Marie Sklodowska-Curie Intra-European Fellowship (PIEF-GA-2013-627489), and by a Natural Sciences and Engineering Research Council of Canada Postdoctoral Fellowship (Sept. 2014–Aug. 2016).

Author information

Correspondence to Tong Li.

Additional information

Communicated by Prof. Ruth Breu.


Cite this article

Li, T., Horkoff, J. & Mylopoulos, J. Holistic security requirements analysis for socio-technical systems. Softw Syst Model 17, 1253–1285 (2018). https://doi.org/10.1007/s10270-016-0560-y
