Privacy-Aware Trust Negotiation
Software engineering and information security have traditionally followed divergent paths but lately some efforts have been made to consider security from the early phases of the Software Development Life Cycle (SDLC). This paper follows this line and concentrates on the incorporation of trust negotiations during the requirements engineering phase. More precisely, we provide an extension to the SI* modelling language, which is further formalised using Answer Set Programming specifications to support the automatic verification of the model and the detection of privacy conflicts caused by trust negotiations.
KeywordsSecure software engineering Requirements engineering Goal-oriented modelling Privacy Trust
This work has been partially funded by the European Commission through the Marie Curie Training Network NeCS (H2020-MSCA-ITN-2015-675320), the Spanish Ministry of Economy and Competitiveness through PERSIST (TIN2013-41739-R) and PRECISE (TIN2014-54427-JIN), which is co-financed by FEDER.
- 1.Asnar, Y., Li, T., Massacci, F., Paci, F.: Computer aided threat identification. In: 13th IEEE Conference on Commerce and Enterprise Computing, pp. 145–152 (2011)Google Scholar
- 3.Castro, J., Giorgini, P., Kolp, M., Mylopoulos, J.: Tropos: a requirements-driven methodology for agent-oriented software. In: Henderson-Sellers, B., Giorgini, P. (eds.) Agent-Oriented Methodologies. Idea Group, Hershey (2005)Google Scholar
- 6.Massacci, F., Mylopoulos, J., Zannone, N.: Security requirements engineering: the SI* modeling language and the secure tropos methodology. In: Ras, Z.W., Tsay, L.-S. (eds.) Advances in Intelligent Information Systems. SCI, vol. 265, pp. 147–174. Springer, Heidelberg (2010)Google Scholar
- 8.Notario, N., Crespo, A., Martín, Y., del Álamo, J.M., Métayer, D.L., Antignac, T., Kung, A., Kroener, I., Wright, D.: PRIPARE: integrating privacy best practices into a privacy engineering methodology. In: International Workshop on Privacy, Engineering, pp. 151–158 (2015)Google Scholar
- 9.Paci, F., Fernandez-Gago, C., Moyano, F.: Detecting insider threats: a trust-aware framework. In: 8th International Conference on Availability, Reliability and Security (ARES), pp. 121–130, September 2013Google Scholar
- 12.van Lamsweerde, A.: Elaborating security requirements by construction of intentional anti-models. In: 26th International Conference on Software Engineering, ICSE 2004, pp. 148–157. IEEE Computer Society, Washington, DC (2004)Google Scholar
- 16.Yu, E.: Modelling strategic relationships for process reengineering. Ph.D thesis. University of Toronto, Canada (1996)Google Scholar