Abstract
Composite services foster reuse and efficiency in providing consumers with different functionalities (services). However, security aspects are a major concern, considering that both service consumers and providers are autonomous and heterogeneous—thus, loosely controllable entities. When consumers provide information in order to be furnished some service, what happens to that information? Do service consumers trust service providers? In order to tackle the design of secure and trustworthy composite services, we should consider the security requirements such a composition must satisfy. We propose STS-ml, a security requirements modelling language that allows modelling security requirements over participants’ (consumers and providers) interactions. These security requirements are expressed in terms of social contracts the various parties shall comply with while interacting (consuming/furnishing some service). Most importantly, STS-ml considers social and organisational threats that might affect the said composite services. In this chapter, we give an overview of STS-ml, introducing its modelling and reasoning capabilities while building models from the Aniketos eGovernment case study and verifying that the composite service complies with the specification, as well as checking whether a recomposition is needed.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Dalpiaz, F., Chopra, A.K., Giorgini, P., Mylopoulos, J.: Adaptation in open systems: Giving interaction its rightful place. In: Parsons, J., Saeki, M., Shoval, P., Woo, C., Wand, Y. (eds.) ER 2010. LNCS, vol. 6412, pp. 31–45. Springer, Heidelberg (2010)
Dalpiaz, F., Paja, E., Giorgini, P.: Security requirements engineering via commitments. In: Proceedings of STAST 2011, pp. 1–8 (2011)
Eiter, T., Gottlob, G., Mannila, H.: Disjunctive datalog. ACM Transactions on Database Systems (TODS) 22(3), 364–418 (1997)
Elahi, G., Yu, E.: A Goal Oriented Approach for Modeling and Analyzing Security Trade-Offs. In: Parent, C., Schewe, K.-D., Storey, V.C., Thalheim, B. (eds.) ER 2007. LNCS, vol. 4801, pp. 375–390. Springer, Heidelberg (2007)
Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Modeling security requirements through ownership, permission and delegation. In: Proc. of RE 2005, pp. 167–176 (2005)
Singh, M.P.: An ontology for commitments in multiagent systems: Toward a unification of normative concepts. Artificial Intelligence and Law 7(1), 97–113 (1999)
Singh, M.P., Huhns, M.N.: Service-Oriented Computing: Semantics, Processes, Agents. John Wiley & Sons, Chichester (2005)
Trösterer, S., Beck, E., Dalpiaz, F., Paja, E., Giorgini, P., Tscheligi, M.: Formative user-centered evaluation of security modeling: Results from a case study. International Journal of Secure Software Engineering 3(1), 1–19 (2012)
Yu, E.: Modelling strategic relationships for process reengineering. PhD thesis, University of Toronto, Canada (1996)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Paja, E., Dalpiaz, F., Giorgini, P. (2014). The Socio-technical Security Requirements Modelling Language for Secure Composite Services. In: Brucker, A.D., Dalpiaz, F., Giorgini, P., Meland, P.H., Rios, E. (eds) Secure and Trustworthy Service Composition. Lecture Notes in Computer Science, vol 8900. Springer, Cham. https://doi.org/10.1007/978-3-319-13518-2_5
Download citation
DOI: https://doi.org/10.1007/978-3-319-13518-2_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-13517-5
Online ISBN: 978-3-319-13518-2
eBook Packages: Computer ScienceComputer Science (R0)