
Modelling the interplay of security, privacy and trust in sociotechnical systems: a computer-aided design approach

Regular Paper, published in Software and Systems Modeling.

Abstract

Personal data have become a central asset for many enterprise applications and online services offered by private companies, public organisations, or a combination of both. The sensitivity of such data, and the continuously growing body of legislation that governs their management, call for methods that support the development of more secure, trustworthy software systems with a focus on privacy protection. The contribution of this paper is the definition of a novel requirements engineering method that supports both early and late requirements specification, with emphasis on security, privacy and trust. The novelty of our work is that it gives software designers and security experts the means to analyse the system-to-be from multiple aspects, starting from the identification of high-level goals, through the definition of business process composition, to the elicitation of mechanisms that fortify the system against external threats. The method is supported by two CASE tools. To demonstrate the applicability and usefulness of our work, the paper shows its application to a real-world case study.






Acknowledgements

This paper is supported by European Union Horizon 2020 research and innovation programme under Grant Agreement No. 653642, project VisiOn (Visual Privacy Management in User Centric Open environments).


Corresponding author

Correspondence to Mattia Salnitri.

Additional information

Communicated by Ruth Breu.



Cite this article

Salnitri, M., Angelopoulos, K., Pavlidis, M. et al. Modelling the interplay of security, privacy and trust in sociotechnical systems: a computer-aided design approach. Softw Syst Model 19, 467–491 (2020). https://doi.org/10.1007/s10270-019-00744-x
