Selecting Security Mechanisms in Secure Tropos

  • Michalis PavlidisEmail author
  • Haralambos Mouratidis
  • Emmanouil Panaousis
  • Nikolaos Argyropoulos
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10442)


As security is a growing concern for modern information systems, Security Requirements Engineering has been developed as a very active area of research. A large body of work deals with elicitation, modelling, analysis, and reasoning about security requirements. However, there is little evidence of efforts to align security requirements with security mechanisms. This paper extends the Secure Tropos methodology to enable a clear alignment, between security requirements and security mechanisms, and a reasoning technique to optimise the selection of security mechanisms based on these security requirements and a set of other factors. The extending Secure Tropos supports modelling and analysis of security mechanisms; defines mathematically relevant modelling concepts to support a formal analysis; and defines and solves an optimisation problem to derive optimal sets of security mechanisms. We demonstrate the applicability of our work with the aid of a case study from the health care domain.


Security modelling Secure Tropos 


  1. 1.
    McDermott, J., Fox, C.: Using abuse case models for security requirements analysis. In: 15th Annual Computer Security Applications Conference, (ACSAC 1999) Proceedings, pp. 55–64. IEEE (1999)Google Scholar
  2. 2.
    Basin, D., Doser, J., Lodderstedt, T.: Model driven security for process-oriented systems. In: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies, pp. 100–109. ACM (2003)Google Scholar
  3. 3.
    Mouratidis, H.: Integrating Security and Software Engineering: Advances and Future Visions: Advances and Future Visions. IGI Global, Hershey (2006)Google Scholar
  4. 4.
    Haley, C.B., Laney, R., Moffett, J.D., Nuseibeh, B.: Arguing satisfaction of security requirements. Integr. Secur. Softw. Eng. Adv. Future Vis. 16–43 (2006)Google Scholar
  5. 5.
    Fabian, B., Gürses, S., Heisel, M., Santen, T., Schmidt, H.: A comparison of security requirements engineering methods. Requir. Eng. 15(1), 7–40 (2010)CrossRefGoogle Scholar
  6. 6.
    Dubois, E., Mouratidis, H.: Guest editorial: security requirements engineering: past, present and future. Requir. Eng. 15(1), 1–5 (2010)CrossRefGoogle Scholar
  7. 7.
    Mouratidis, H., Giorgini, P.: Secure tropos: a security-oriented extension of the tropos methodology. Int. J. Softw. Eng. Knowl. Eng. 17(2), 285–309 (2007)CrossRefGoogle Scholar
  8. 8.
    Chung, L., Nixon, B., Yu, E., Mylopoulos, J.: Non-Functional Requirements in Software Engineering. International Series in Software Engineering. Springer, Heidelberg (2000). doi: 10.1007/978-1-4615-5269-7 CrossRefzbMATHGoogle Scholar
  9. 9.
    Hatebur, D., Heisel, M.: Problem frames and architectures for security problems. In: Winther, R., Gran, B.A., Dahll, G. (eds.) SAFECOMP 2005. LNCS, vol. 3688, pp. 390–404. Springer, Heidelberg (2005). doi: 10.1007/11563228_30 CrossRefGoogle Scholar
  10. 10.
    Hatebur, D., Heisel, M., Schmidt, H.: Security Engineering Using Problem Frames. In: Müller, G. (ed.) ETRICS 2006. LNCS, vol. 3995, pp. 238–253. Springer, Heidelberg (2006). doi: 10.1007/11766155_17 CrossRefGoogle Scholar
  11. 11.
    Gupta, M., Rees, J., Chaturvedi, A., Chi, J.: Matching information security vulnerabilities to organizational security profiles: a genetic algorithm approach. Decis. Support Syst. 41(3), 592–603 (2006)CrossRefGoogle Scholar
  12. 12.
    Neubauer, T., Pehn, M.: Workshop-based risk assessment for the definition of secure business processes. In: Second International Conference on Information, Process, and Knowledge Management, eKNOW 2010, pp. 74–79. IEEE (2010)Google Scholar
  13. 13.
    Viduto, V., Maple, C., Huang, W., López-Peréz, D.: A novel risk assessment and optimisation model for a multi-objective network security countermeasure selection problem. Decis. Support Syst. 53(3), 599–610 (2012)CrossRefGoogle Scholar
  14. 14.
    Sawik, T.: Selection of optimal countermeasure portfolio in it security planning. Decis. Support Syst. 55(1), 156–164 (2013)CrossRefGoogle Scholar
  15. 15.
    Giorgini, P., Mylopoulos, J., Nicchiarelli, E., Sebastiani, R.: Formal Reasoning Techniques for Goal Models. In: Spaccapietra, S., March, S., Aberer, K. (eds.) Journal on Data Semantics I. LNCS, vol. 2800, pp. 1–20. Springer, Heidelberg (2003). doi: 10.1007/978-3-540-39733-5_1 CrossRefGoogle Scholar
  16. 16.
    Amyot, D., Ghanavati, S., Horkoff, J., Mussbacher, G., Peyton, L., Yu, E.: Evaluating goal models within the goal-oriented requirement language. Int. J. Intell. Syst. 25(8), 841–877 (2010)CrossRefGoogle Scholar
  17. 17.
    Letier, E., Van Lamsweerde, A.: Reasoning about partial goal satisfaction for requirements and design engineering. In: ACM SIGSOFT Software Engineering Notes, vol. 29, pp. 53–62. ACM (2004)Google Scholar
  18. 18.
    Bryl, V., Giorgini, P., Mylopoulos, J.: Designing cooperative is: exploring and evaluating alternatives. In: On the Move to Meaningful Internet Systems 2006: CoopIS, DOA, GADA, and ODBASE, pp. 533–550. Springer, Heidelberg (2006)Google Scholar
  19. 19.
    Kaiya, H., Horai, H., Saeki, M.: Agora: attributed goal-oriented requirements analysis method. In: IEEE Joint International Conference on Requirements Engineering, Proceedings, pp. 13–22. IEEE (2002)Google Scholar
  20. 20.
    Bencomo, N., Belaggoun, A.: Supporting decision-making for self-adaptive systems: from goal models to dynamic decision networks. In: Doerr, J., Opdahl, A.L. (eds.) REFSQ 2013. LNCS, vol. 7830, pp. 221–236. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-37422-7_16 CrossRefGoogle Scholar
  21. 21.
    Feather, M.S., Cornford, S.L., Hicks, K., Kiper, J.D., Menzies, T., et al.: A broad, quantitative model for making early requirements decisions. Software 25(2), 49–56 (2008). IEEECrossRefGoogle Scholar
  22. 22.
    Heaven, W., Letier, E.: Simulating and optimising design decisions in quantitative goal models. In: 2011 19th IEEE International Requirements Engineering Conference (RE), pp. 79–88. IEEE (2011)Google Scholar
  23. 23.
    Mellado, D., Fernández-Medina, E., Piattini, M.: A common criteria based security requirements engineering process for the development of secure information systems. Comput. Stan. Interfaces 29(2), 244–253 (2007)CrossRefGoogle Scholar
  24. 24.
    Mead, N.R., Stehney, T.: Security quality requirements engineering (square) methodology. SIGSOFT Softw. Eng. Notes 30(4), 1–7 (2005)CrossRefGoogle Scholar
  25. 25.
    Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. Requir. Eng. 10(1), 34–44 (2005). CrossRefGoogle Scholar
  26. 26.
    Liu, L., Yu, E., Mylopoulos, J.: Security and privacy requirements analysis within a social setting. In: 11th IEEE International Requirements Engineering Conference, Proceedings, pp. 151–161 (2003)Google Scholar
  27. 27.
    Paja, E., Dalpiaz, F., Giorgini, P.: Managing security requirements conflicts in socio-technical systems. In: Ng, W., Storey, V.C., Trujillo, J.C. (eds.) ER 2013. LNCS, vol. 8217, pp. 270–283. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-41924-9_23 CrossRefGoogle Scholar
  28. 28.
    Van Lamsweerde, A.: Elaborating security requirements by construction of intentional anti-models. In: Proceedings of the 26th International Conference on Software Engineering, pp. 148–157. IEEE Computer Society (2004)Google Scholar
  29. 29.
    Franqueira, V.N., Tun, T.T., Yu, Y., Wieringa, R., Nuseibeh, B.: Risk and argument: a risk-based argumentation method for practical security. In: 2011 19th IEEE International Requirements Engineering Conference (RE), pp. 239–248. IEEE (2011)Google Scholar
  30. 30.
    Asnar, Y., Giorgini, P., Mylopoulos, J.: Goal-driven risk assessment in requirements engineering. Requir. Eng. 16(2), 101–116 (2011)CrossRefGoogle Scholar
  31. 31.
    Lee, S.W.: Probabilistic risk assessment for security requirements: a preliminary study. In: 2011 Fifth International Conference on Secure Software Integration and Reliability Improvement (SSIRI), pp. 11–20. IEEE (2011)Google Scholar
  32. 32.
    Houmb, S.H., Georg, G., Jürjens, J., France, R.: An integrated security verification and security solution design trade-off analysis approach. Integrating Security and Software Engineering: Advances and Future Visions/Mouratidis, Haralambos pp. 190–219 (2007)Google Scholar
  33. 33.
    Tsigkanos, C., Pasquale, L., Menghi, C., Ghezzi, C., Nuseibeh, B.: Engineering topology aware adaptive security: Preventing requirements violations at runtime. In: 2014 IEEE 22nd International Requirements Engineering Conference (RE), pp. 203–212. IEEE (2014)Google Scholar
  34. 34.
    Van Lamsweerde, A.: Goal-oriented requirements engineering: a guided tour. In: Fifth IEEE International Symposium on Requirements Engineering, Proceedings, pp. 249–262. IEEE (2001)Google Scholar
  35. 35.
    Bresciani, P., Perini, A., Giorgini, P., Giunchiglia, F., Mylopoulos, J.: Tropos: An agent-oriented software development methodology. Auton. Agent. Multi-Agent Syst. 8(3), 203–236 (2004)CrossRefzbMATHGoogle Scholar
  36. 36.
    Sommerville, I., Kotonya, G.: Requirements Engineering: Processes and Techniques. Wiley, Hoboken (1998)Google Scholar
  37. 37.
    Haley, C.B., Laney, R., Moffett, J.D., Nuseibeh, B.: Security requirements engineering: a framework for representation and analysis. IEEE Trans. Softw. Eng. 34(1), 133–153 (2008)CrossRefGoogle Scholar
  38. 38.
    Cysneiros, L.M., Sampaio do Prado Leite, J.C.: Nonfunctional requirements: from elicitation to conceptual models. IEEE Trans. Softw. Eng. 30(5), 328–350 (2004)CrossRefGoogle Scholar
  39. 39.
    Sebastiani, R., Trentin, P.: Optimathsat: a tool for optimization modulo theoriesGoogle Scholar
  40. 40.
    Greek-Parliament: Act 3892: Electronic registration and fulfilment of medical prescriptions and clinical test referrals. FEK 189(1), 4225–4232 (2010)Google Scholar
  41. 41.
    Sfyroeras, V.: The electronic prescription system. Pharmacy management and communications, pp. 68–69, September 2012.
  42. 42.
    Adoxx Meta-modeling platform.
  43. 43.
    Bonneau, J., Herley, C., van Oorschot, P.C., Stajano, F.: The quest to replace passwords: a framework for comparative evaluation of web authentication schemes. In: Proceedings of the 33rd IEEE Symposium on Security and Privacy. San Francisco, CA, USA, May 2012Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Michalis Pavlidis
    • 1
    Email author
  • Haralambos Mouratidis
    • 1
  • Emmanouil Panaousis
    • 1
  • Nikolaos Argyropoulos
    • 1
  1. 1.University of BrightonBrightonEngland

Personalised recommendations