Similar documents
20 similar documents found, search took 15 ms
1.
Security and requirements engineering are two of the most important factors of success in the development of a software product line (SPL). Goal-driven security requirements engineering approaches, such as Secure Tropos, have been proposed as a suitable paradigm for the elicitation of security requirements and their analysis on both a social and a technical dimension. Nevertheless, goal-driven security requirements engineering methodologies are not appropriately tailored to the specific demands of SPL, while on the other hand specific proposals of SPL engineering have traditionally ignored security requirements. This paper presents work that fills this gap by proposing the “SecureTropos-SPL” framework.

2.
3.
A comparison of security requirements engineering methods   Total citations: 3, self-citations: 2, citations by others: 1
This paper presents a conceptual framework for security engineering, with a strong focus on security requirements elicitation and analysis. This conceptual framework establishes a clear-cut vocabulary and makes explicit the interrelations between the different concepts and notions used in security engineering. Further, we apply our conceptual framework to compare and evaluate current security requirements engineering approaches, such as the Common Criteria, Secure Tropos, SREP, MSRA, as well as methods based on UML and problem frames. We review these methods and assess them according to different criteria, such as the general approach and scope of the method, its validation, and its quality assurance capabilities. Finally, we discuss how these methods are related to the conceptual framework and to one another.

4.
Specifying and analyzing early requirements in Tropos   Total citations: 2, self-citations: 1, citations by others: 2
We present a framework that supports the formal verification of early requirements specifications. The framework is based on Formal Tropos, a specification language that adopts primitive concepts for modeling early requirements (such as actor, goal, and strategic dependency), along with a rich temporal specification language. We show how existing formal analysis techniques, and in particular model checking, can be adapted for the automatic verification of Formal Tropos specifications. These techniques have been implemented in a tool, called the T-Tool, that maps Formal Tropos specifications into a language that can be handled by the NuSMV model checker. Finally, we evaluate our methodology on a course-exam management case study. Our experiments show that formal analysis reveals gaps and inconsistencies in early requirements specifications that are by no means trivial to discover without the help of formal analysis tools.

5.
When designing a service-based business process employing loosely coupled services, one is not only interested in guaranteeing a certain flow of work, but also in how the work will be performed. This involves the consideration of non-functional properties which range from execution time and costs to trust and security. Ideally, a designer would like to have guarantees over the behavior of the services involved in the process. These guarantees are the object of Service Level Agreements. We propose a methodology to design service-based business processes together with Service Level Agreements that guarantee a certain quality of execution, with particular emphasis on security. Starting from an early requirements analysis modeled in the Secure Tropos formalism, we provide a set of user-guided transformations and reasoning tools, the final output of which is a set of processes in the form of Secure BPELs together with a set of Service Level Agreements to be signed by participating services. To show the potential impact of the approach, we illustrate the functioning of the methodology on a collaborative procurement scenario derived from the application domain of a research project.

6.
Developing software through systematic processes is becoming more and more important due to the growing complexity of software development. It is important that the development process used integrates security aspects from the first stages, at the same level as other functional and non-functional requirements. Systems based on Grid Computing are a kind of system with clear differentiating features, in which security is a highly important aspect. The Mobile Grid, which is relevant to both Grid and Mobile Computing, is a full inheritor of the Grid with the additional feature that it supports mobile users and resources. A development methodology for Secure Mobile Grid Systems is proposed in which the security aspects are considered from the first stages of the life-cycle and in which the mobile Grid technological environment is always present in each activity. This paper presents the analysis activity, in which the requirements (focusing on the grid, mobile and security requirements) of the system are specified and which is driven by reusable use cases through which the requirements and needs of these systems can be defined. These use cases have been defined through a UML extension for security use cases and Grid use cases which capture the behaviour of this kind of system. The analysis activity has been applied to a real case.

7.
Tropos: An Agent-Oriented Software Development Methodology   Total citations: 16, self-citations: 4, citations by others: 16
Our goal in this paper is to introduce and motivate a methodology, called Tropos, for building agent-oriented software systems. Tropos is based on two key ideas. First, the notion of agent and all related mentalistic notions (for instance goals and plans) are used in all phases of software development, from early analysis down to the actual implementation. Second, Tropos also covers the very early phases of requirements analysis, thus allowing for a deeper understanding of the environment where the software must operate, and of the kind of interactions that should occur between software and human agents. The methodology is illustrated with the help of a case study. The Tropos language for conceptual modeling is formalized in a metamodel described with a set of UML class diagrams.

8.
9.
We present a new approach for the elicitation and development of security requirements in the entire Data Warehouse (DW) life cycle, which we have called a Secure Engineering process for DAta WArehouses (SEDAWA). Whilst many methods for the requirements analysis phase of DWs have been proposed, the elicitation of security requirements as non-functional requirements has not received sufficient attention. Hence, in this paper we propose a methodology for DW design based on Model Driven Architecture (MDA) and the standard Software Process Engineering Metamodel Specification (SPEM) from the Object Management Group (OMG). We define four phases comprising several activities and steps, and five disciplines which cover the whole DW design. Our methodology adapts the i* framework to be used under the MDA and SPEM approaches in order to elicit and develop security requirements for DWs. The benefits of our proposal are shown through an example related to the management of a pharmacy consortium business.

10.
In this paper, we propose a secure and efficient software framework for non-repudiation service based on an adaptive secure methodology in e-commerce (electronic commerce). First, we introduce an explicit security framework of the e-commerce transaction called notary service. The proposed framework supports non-repudiation of service for a successful e-commerce transaction in terms of generation, delivery, retrieval, and verification of the evidence for resolving disputes. Second, we propose an adaptive secure methodology to support secure and efficient non-repudiation of service in the proposed framework. Our adaptive secure methodology dynamically adapts security classes based on the nature and sensitivity of interactions among participants. The security classes incorporate security levels of cryptographic techniques with a degree of information sensitivity. As Internet e-businesses grow exponentially, a need for high security level categories to identify a group of connections or individual transactions is manifest. Therefore, development of an efficient and secure methodology is in high demand. We have done extensive experiments on the performance of the proposed adaptive secure methodology. Experimental results show that the adaptive secure methodology provides e-commerce transactions with high quality of security services. Our software framework incorporating the adaptive secure methodology is compared with existing well-known e-commerce frameworks such as SSL (Secure Socket Layer) and SET (Secure Electronic Transaction).

11.
The application of behavioural threshold analysis to analyse group behaviour in information security presents a unique challenge in terms of the measurement instruments and methodology used to gather relevant attitude data. This paper presents an analysis of the specialised requirements for such a measurement instrument and makes methodological recommendations on the content and especially the presentation of information security topics in a measurement instrument for this context. A comparison between existing methods and the specific requirements for threshold analysis is presented and serves as the main rationale for the suggested methodology. The recommended methodology and the resulting measurement instrument were implemented and experimentally tested in case studies to gauge their feasibility. Applications of behavioural threshold analysis in information security that follow the methodology recommended in this article performed satisfactorily and give cause for further real-world experimentation.

12.
This paper presents a methodology developed for a study to evaluate the state of the art of automated map generalization in commercial software without applying any customization. The objectives of this study are to learn more about generic and specific requirements for automated map generalization, to show possibilities and limitations of commercial generalization software, and to identify areas for further research. The methodology had to consider all types of heterogeneity to guarantee independent testing and evaluation of available generalization solutions. The paper presents the two main steps of the methodology. The first step is the analysis of map requirements for automated generalization, which consisted of sourcing representative test cases, defining map specifications in generalization constraints, harmonizing constraints across the test cases, and analyzing the types of constraints that were defined. The second step of the methodology is the evaluation of generalized outputs. In this step, three evaluation methods were integrated to balance between human and machine evaluation and to expose possible inconsistencies. In the discussion the applied methodology is evaluated and areas for further research are identified.

13.
14.
A number of recent proposals aim to incorporate security engineering into mainstream software engineering. Yet, capturing trust and security requirements at an organizational level, as opposed to an IT system level, and mapping these into security and trust management policies is still an open problem. This paper proposes a set of concepts founded on the notions of ownership, permission, and trust and intended for requirements modeling. It also extends Tropos, an agent-oriented software engineering methodology, to support security requirements engineering. These concepts are formalized and are shown to support the automatic verification of security and trust requirements using Datalog. To make the discussion more concrete, we illustrate the proposal with a Health Care case study. This work is an expanded and revised version of [19,20].

15.
Cloud storage is an incipient technology in today’s world. Lack of security in the cloud environment is one of the primary challenges faced these days. This scenario poses new security issues and it forms the crux of the current work. The current study proposes the Secure Interactional Proof System (SIPS) to address this challenge. This methodology has a few key components, listed herewith, that strengthen security: authentication, confidentiality, access control, integrity, and the group of components called the AVK Scheme (Access List, Verifier and Key Generator). Every user must prove their identity to the verifier, who maintains the access list. Verification follows the Guillou-Quisquater protocol, which determines the security level of the user in a multi-step authentication process. Here, the RSA algorithm performs the key generation process, while the proposed methodology provides data integrity as well as confidentiality using asymmetric encryption. Measures such as time consumption have been used as performance evaluators for the proposed SIPS protocol. The proposed solution provides a secure system for firm data sharing in the cloud environment with confidentiality, authentication and access control. A Stochastic Timed Petri Net (STPN) evaluation tool was used to verify and prove the formal analysis of the SIPS methodology. This evidence established the effectiveness of the proposed methodology for secure data sharing in the cloud environment.

16.
A core problem in formal methods is the transition from informal requirements to formal specifications. Especially when specifying the behavior of reactive systems, many formalisms require the user either to understand a complex mathematical theory and notation or to derive details not given in the requirements, such as the state space of the problem. Many approaches also need a consistent set of requirements, which forces requirements conflicts to be resolved prior to formalization. This paper describes a specification technique in which signal patterns, not states, are the main elements. The notation is based on tables of regular expressions and supports a piece-wise formalization of potentially inconsistent requirements. Many properties, such as input completeness and consistency, can be checked automatically for these specifications. The detection and resolution of conflicts can be performed within our framework after formalization. Besides the formal foundation of our approach, this paper presents prototypical tool support and results from an industrial case study.

17.
Secure software development should begin at the early stages of the development life cycle. Misuse case modeling is a technique that stems from traditional use case modeling and facilitates the elicitation and modeling of functional security requirements at the requirements phase. Misuse case modeling is an effective vehicle to potentially identify a large subset of these threats. It is therefore crucial to develop high quality misuse case models; otherwise the end system developed will be vulnerable to security threats. Templates to describe misuse cases are populated with syntax-free natural language content. The inherent ambiguity of syntax-free natural language, coupled with the crucial role of misuse case models in development, can have a very detrimental effect. This paper proposes a structure that will guide misuse case authors towards developing consistent misuse case models. This paper also presents a process that utilizes this structure to ensure the consistency of misuse case models as they evolve, eliminating potential damage caused by inconsistencies. A tool was developed to provide automation support for the proposed structure and process. The feasibility and application of this approach were demonstrated using two real-world case studies.

18.
19.
20.
Secure Two-Party Distance Computation is an important primitive of Secure Multiparty Computational Geometry that involves two parties, where each party has a private point, and the two parties want to jointly compute the distance between their points without revealing anything about their respective private information. Secure Two-Party Distance Computation has very important and potential applications in settings with high security requirements, such as privacy-preserving Determination of Spatial Location-Relation, Determination of Polygon Similarity, and so on. In this paper, we present a quantum protocol for Secure Two-Party Distance Computation by using QKD-based Quantum Private Query. The security of the protocol is based on the physical principles of quantum mechanics, instead of computational difficulty assumptions, and therefore it can ensure higher security than the related classical protocols.

Copyright © Beijing Qinyun Technology Development Co., Ltd.  京ICP备09084417号