کد مقاله کد نشریه سال انتشار مقاله انگلیسی نسخه تمام متن
378773 659216 2015 21 صفحه PDF دانلود رایگان
عنوان انگلیسی مقاله ISI
Modelling and reasoning about security requirements in socio-technical systems
ترجمه فارسی عنوان
مدل سازی و استدلال در مورد نیازهای امنیتی در سیستم های اجتماعی-فنی
کلمات کلیدی
الزامات امنیتی، استدلال خودکار، مدل های مورد نیاز
موضوعات مرتبط
مهندسی و علوم پایه مهندسی کامپیوتر هوش مصنوعی
چکیده انگلیسی

Modern software systems operate within the context of larger socio-technical systems, wherein they interact—by exchanging data and outsourcing tasks—with other technical components, humans, and organisations. When interacting, these components (actors) operate autonomously; as such, they may disclose confidential information without being authorised, wreck the integrity of private data, rely on untrusted third parties, etc. Thus, the design of a secure software system shall begin with a thorough analysis of its socio-technical context, thereby considering not only technical attacks, but also social and organisational ones.In this paper, we propose the STS approach for modelling and reasoning about security requirements. In STS, security requirements are specified, via the STS-ml requirements modelling language, as contracts that constrain the interactions among the actors in the socio-technical system. The requirements models of STS-ml have a formal semantics which enables automated reasoning for detecting possible conflicts among security requirements as well as conflicts between security requirements and actors' business policies. We apply STS to a case study about e-Government, and report on promising scalability results of our implementation.

ناشر
Database: Elsevier - ScienceDirect (ساینس دایرکت)
Journal: Data & Knowledge Engineering - Volume 98, July 2015, Pages 123–143
نویسندگان
, , ,