Security Agent-Oriented Requirements Engineering

Security is widely recognized as a main challenge in§developing software. Security Requirements§Engineering is an emerging field at the crossroads§between Security and Software Engineering, spurred by§the realization that security must be dealt with from§the earliest phases of the software development§process. This book enables understanding of the§deeper issues and challenges in developing secure§systems, the concepts for capturing security aspects§of socio-technical systems, and the support needed by§enterprises for the definition of security policies§as dictated by ISO security standards and data§protection legislation. The author presents the SI §modeling language and the Secure Tropos methodology§to address the problem of modeling and analyzing§security requirements at the organizational level.§The SI language employs a set of concepts founded on§the notions of permission, delegation, and trust.§These concepts are formalized and are shown to§support the requirements analysis process through a§formal reasoning tool. The Secure Tropos methodology§provides facilities for analyzing security§requirements and guidelines to identify appropriate§protection mechanisms.