Abstract
Smart grids are expected to scale over millions of users and provide numerous services over geographically distributed entities. Moreover, smart grids are expected to contain controllable local systems (CLS) such as fridges or heaters that can be controlled using the network communication technology of the grid. Security solutions that prevent harm to the grid and to its stakeholders from CLS are essential. Moreover, traditional security approaches such as static access control systems cause a lot of administrative workload and are difficult to maintain in fast growing and changing systems. In contrast, trust management is a soft security mechanism that can reduce this workload significantly. Even though there is not any accepted definition of trust, it is agreed that it can improve decision-making processes under risk and uncertainty, improving in turn systems’ security. We use the problem frames notation to discuss requirements for a trust-based security solution concerning CLS.
This research was partially supported by the EU project Network of Excellence on Engineering Secure Future Internet Software Services and Systems (NESSoS, ICT-2009.1.4 Trustworthy ICT, Grant No. 256980). The first author is funded by the Spanish Ministry of Education through the national F.P.U. program.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
Note that for readability purposes we simplified the profile and several domains are not illustrated in Fig. 1, e.g., display domains and assets.
- 3.
We are assuming a trust model consisting of two factors: an explicit trust assigned by the user and the reputation of the trustee, which is computed by aggregating different claims of OtherConsumers, AuthorizedExternalEntity and SmartMeteringGateway. However, any other kind of trust model that considers other factors can be specified.
References
Moyano, F., Fernandez-Gago, C., Lopez, J.: A conceptual framework for trust models. In: Fischer-Hübner, S., Katsikas, S., Quirchmayr, G. (eds.) TrustBus 2012. LNCS, vol. 7449, pp. 93–104. Springer, Heidelberg (2012)
Kirtland, A., Schiff, A.: On a scale of 1 to 5: understanding risk improves rating and reputation systems (2008). http://boxesandarrows.com/on-a-scale-of-1-to-5/
Rasmusson, L., Jansson, S.: Simulated social control for secure internet commerce. In: Proceedings of the 1996 Workshop on New Security Paradigms, NSPW ’96, pp. 18–25. ACM, New York (1996)
Roman, R., Zhou, J., Lopez, J.: On the features and challenges of security and privacy in distributed internet of things. Comput. Netw. 57, 2266–2279 (2013)
European Commission: Restructuring in Europe 2011: restructuring and anticipation of change, what lessons from recent experience? (2012). http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=SEC:2012:0059:FIN:EN:PDF
Jackson, M.: Problem Frames: Analyzing and Structuring Software Development Problems. Addison-Wesley, Boston (2001)
Massacci, F., Mylopoulos, J., Zannone, N.: Security requirements engineering: the SI* modeling language and the secure tropos methodology. In: Ras, Z.W., Tsay, L.-S. (eds.) Advances in Intelligent Information Systems. SCI, vol. 265, pp. 147–174. Springer, Heidelberg (2010)
van Lamsweerde, A.: Requirements Engineering: From System Goals to UML Models to Software Specifications, 1st edn. Wiley, Hoboken (2009)
Lund, M.S., Solhaug, B., Stølen, K.: Model-Driven Risk Analysis: The CORAS Approach, 1st edn. Springer, Heidelberg (2010)
UML Revision Task Force: OMG Object Constraint Language: Reference, February (2010)
Côté, I., Hatebur, D., Heisel, M., Schmidt, H.: UML4PF - a tool for problem-oriented requirements analysis. In: Proceedings of the International Conference on Requirements Engineering (RE), pp. 349–350. IEEE Computer Society (2011)
Côté, I.: A Systematic Approach to Software Evolution. Deutscher Wissenschafts-Verlag (DWV), Baden-Baden (2012)
Marsh, S.: Formalising Trust as a Computational Concept. Ph.D. thesis, University of Stirling (1994)
Jøsang, A., Ismail, R., Boyd, C.: A survey of trust and reputation systems for online service provision. Decis. Support Syst. 43(2), 618–644 (2007)
Hatebur, D., Heisel, M.: A UML profile for requirements analysis of dependable software. In: Schoitsch, E. (ed.) SAFECOMP 2010. LNCS, vol. 6351, pp. 317–331. Springer, Heidelberg (2010)
Hatebur, D., Heisel, M., Schmidt, H.: A formal metamodel for problem frames. In: Czarnecki, K., Ober, I., Bruel, J.-M., Uhl, A., Völter, M. (eds.) MODELS 2008. LNCS, vol. 5301, pp. 68–82. Springer, Heidelberg (2008)
Jackson, M., Zave, P.: Deriving specifications from requirements: an example. In: Proceedings of the 17th International Conference on Software Engineering, Seattle, USA, pp. 15–24. ACM Press (1995)
Haley, C.B., Laney, R.C., Nuseibeh, B.: Deriving security requirements from crosscutting threat descriptions. In: Proceedings of the 3rd International Conference on Aspect-Oriented Software Development, AOSD ’04, pp. 112–121. ACM (2004)
Salifu, M., Yu, Y., Nuseibeh, B.: Specifying monitoring and switching problems in context. In: 15th IEEE International Requirements Engineering Conference, 2007, RE ’07, pp. 211–220 (2007)
Jürjens, J.: UMLsec: extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, p. 412. Springer, Heidelberg (2002)
Lodderstedt, T., Basin, D., Doser, J.: SecureUML: a UML-based modeling language for model-driven security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, p. 426. Springer, Heidelberg (2002)
Mouratidis, H., Giorgini, P.: Secure tropos: a security-oriented extension of the tropos methodology. Int. J. Softw. Eng. Knowl. Eng. 17(2), 285–309 (2007)
van Lamsweerde, A., Letier, E.: Handling obstacles in goal-oriented requirements engineering. IEEE Trans. Softw. Eng. 26(10), 978–1005 (2000)
Paci, F., Fernandez-Gago, C., Moyano, F.: Detecting insider threats: a trust-aware framework. In: 8th International Conference on Availability, Reliability and Security, Regensburg, Germany, Nov 2013, pp. 121–130. IEEE (2013)
Pavlidis, M., Mouratidis, H., Islam, S.: Modelling security using trust based concepts. IJSSE 3(2), 36–53 (2012)
BSI: Protection Profile for the Gateway of a Smart Metering System (Gateway PP). Version 01.01.01(final draft), Bundesamt fĂĽr Sicherheit in der Informationstechnik (BSI) - Federal Office for Information Security Germany (2011) https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/SmartMeter/PP-Smart.Meter.pdf?_blob=publicationFile
ISO/IEC: Information technology - Security techniques - Information security management systems - Requirements. ISO/IEC 27001, International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) (2005)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Moyano, F., Fernández-Gago, C., Beckers, K., Heisel, M. (2014). Enhancing Problem Frames with Trust and Reputation for Analyzing Smart Grid Security Requirements. In: Cuellar, J. (eds) Smart Grid Security. SmartGridSec 2014. Lecture Notes in Computer Science(), vol 8448. Springer, Cham. https://doi.org/10.1007/978-3-319-10329-7_11
Download citation
DOI: https://doi.org/10.1007/978-3-319-10329-7_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-10328-0
Online ISBN: 978-3-319-10329-7
eBook Packages: Computer ScienceComputer Science (R0)