Security Patterns Meet Agent Oriented Software Engineering: A Complementary Solution for Developing Secure Information Systems

  • Haralambos Mouratidis
  • Michael Weiss
  • Paolo Giorgini
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3716)

Abstract

Agent Oriented Software Engineering and security patterns have been proposed as suitable paradigms for the development of secure information systems. However, the solutions proposed so far focus on only one of these paradigms. In this paper we propose an agent oriented security pattern language and discuss how it can be used together with the Tropos methodology to develop secure information systems. We also present a formalisation of our pattern language using Formal Tropos. This allows us to gain a deeper understanding of the patterns and their relationships, and thus to assess the completeness of the language.



Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Haralambos Mouratidis (1)
  • Michael Weiss (2)
  • Paolo Giorgini (3)
  1. School of Computing and Technology, University of East London, England
  2. Dept. of Computer Science, Carleton University, Ottawa, Canada
  3. Dept. of Information and Communication Technology, University of Trento, Italy
