ABSTRACT
Over the past years, research on specifying, designing and developing secured information systems (IS) has been very active. Some contributions have focused on integrating security aspects, mainly access control mechanisms, at the implementation phase. Others pay a particular attention to the capture and analysis of security requirements. However, to our knowledge, no method addresses the whole problem of the specification of security requirements and their transformation through all the phases of the IS development life cycle. We argue that better Secured IS can be obtained if security issues are taken into account at an earlier phase of the system life cycle and integrated with functional aspects along the whole life cycle. This paper is a step forward to a comprehensive security conceptual meta-model encompassing the main security properties such as availability, integrity, confidentiality, and accountability. It integrates functional and non-functional requirements. It includes social, organizational as well as informational aspects. This meta-model is the backbone of our approach.
- Basin, D., Doser, J., Lodderstedt, T. 2006. Model Driven Security: from UML Models to Access Control Infrastructures. ACM Trans. Softw. Eng. Meth. 15, 1 (Jan., 2006), 39--91. DOI= http://doi.acm.org/10.1145/1125808.1125810. Google ScholarDigital Library
- Brambilla, M., Cabot, J., Comai, S. 2007. Automatic Generation of Workflow-Extended Domain Models. In Proceeding of 10th Int. Conf. on Model Driven Engineering Languages and Systems (Nashville, USA, September 30- October 5, 2007). MoDELS'07, LNCS 4735, Springer Berlin Heidelberg, 375--389. DOI= http://dx.doi.org/10.1007/978-3-540-75209-7_26. Google ScholarDigital Library
- Bresciani, P., Perini, A., Giorgini, P., Giunchiglia, F., Mylopoulos, J. 2004. Tropos: An Agent-Oriented Software Development Methodology. Auton. Agent. Multi-Ag. Systems, 8, 3 (May. 2004), 203--236. DOI= http://dx.doi.org/10.1023/B:AGNT.0000018806.20944.ef Google ScholarDigital Library
- Breton, E., Bézivin, J. 2000. An Overview of Industrial Process Meta-models. In Proceeding of 13th Int. Conf. Softw. Sys. Eng. Applic. (Paris, France, December 5-8, 2000). ICSEA'00Google Scholar
- Breu, R., Popp, G., Alam, M. 2007. Model Based Development of Access Policies. Int. J. Softw. Tools Technol. Trans., 9, 5 (October, 2007), 457--470. DOI= http://dx.doi.org/10.1007/s10009-007-0045-y Google ScholarDigital Library
- Coma, C., Cuppens-Boulahia, N., Cuppens, F., Cavalli, A. R. 2008. Context Ontology for Secure Interoperability. In Proceeding of the 3rd Int. Conf. on Availability, Reliability and Security (Barcelona, Spain, March 4-7, 2008). ARES'08. IEEE Computer Society, 821--827. DOI= http://dx.doi.org/10.1109/ARES.2008.133 Google ScholarDigital Library
- Crook, R.; Ince, D., Nuseibeh, B. 2005. On Modeling Access Policies: Relating Roles to their Organisational Context. Requirement Engineering. In Proceeding of the 13th IEEE Int. Conf. on Requir. Eng. (Paris, France, August 29 - September 2, 2005). RE'05. IEEE Computer Society, 157--166. DOI= http://doi.ieeecomputersociety.org/10.1109/RE.2005.48 Google ScholarDigital Library
- Cuppens, F., Miège, A. 2003. Modelling Contexts in Or-BAC Model. In Proceeding of the 19th Annual Computer Security Applications Conference (Las Vegas, NV, USA, December 8 - 12, 2003). ACSAC'03, IEEE Computer Society, 416--427. Google ScholarDigital Library
- Eder, J., Gruber, W. 2002. A Meta-model for Structured Workflows Supporting Workflow Transformations. In Proceeding of the 6th East Euro. Conf. on Advances in Databases and Information Systems (Bratislava, Slovakia, September 8-11, 2002). ADBIS'02, LNCS 2435, Springer Berlin/Heidelberg, 326--339. DOI= http://dx.doi.org/10.1007/3-540-45710-0_26 Google ScholarDigital Library
- Fontaine, P. J. 2001. Goal-Oriented Elaboration of Security Requirement. Ph.D. thesis. University of Louvain. BelgiumGoogle Scholar
- Georg, G., Ray, I., Anastasakis, K., Bordbar, B., Toarcienne,M., Houmb, S., H. 2009. An Aspect-Oriented Methodology for Designing Secure Applications. Inform. Software. Tech., 51, 5, (May, 2009), 846--864. DOI= http://dx.doi.org/10.1016/j.infsof.2008.05.004 Google ScholarDigital Library
- Hafner, M., Memon, M., Alam, M. 2007. Modeling and Enforcing Advanced Access Control Policies in Healthcare Systems with SectetSource. In the Proceeding of the workshop on Model-Based Design of Trustworthy Health Information Systems in conjunction MoDELS'07 (Nashville, TN, USA, September 30, 2007). MOTHIS'07, LNCS 5002, Springer Berlin/Heidelberg, 132--144. DOI= http://dx.doi.org/10.1007/978-3-540-69073-3_15 Google ScholarDigital Library
- He, Q., Antón A. I. 2009. Requirements-based Access Control Analysis and Policy Specification. Inform. Software. Tech., 51, 6 (Jun., 2009), 993--1009. DOI= http://dx.doi.org/10.1016/j.infsof.2008.11.005. Google ScholarDigital Library
- He, Q., Antón, A. I.. 2003. A framework for Modeling Privacy Requirements in Role Engineering. In Proceeding of the 9th Int. workshop on Requirements Engineering for Software Quality (Klagenfurt, Velden, Austria, June 16 - 17). REFSQ'03, 115--124.Google Scholar
- Jürjens, J., Schreck, J., Bartmann, P. 2008. Model-Based Security Analysis for Mobile Communications. In Proceeding of the 30th int. Conf. Softw. Eng. (Leipzig, Germany, May 10 - 18, 2008). ICSE '08, ACM, 683--692. DOI= http://doi.acm.org/10.1145/1368088.1368186. Google ScholarDigital Library
- Khwaja, A, Urban, J. 2002. A Synthesis of Evaluation Criteria for Software Specifications and Specification Techniques. Int. J. Softw. Eng. and Know. Eng., 12, 5 (Aug., 2002), 581--599. DOI= http://dx.doi.org/10.1142/S0218194002001062Google Scholar
- Kradolfer, M. 2000. A Workflow Meta-model Supporting Dynamic Reuse-Based Model Evolution. Ph.D Thesis. University of Zurich.Google Scholar
- Lamsweerde, A. V. 2009. Requirements Engineering: From System Goals to UML Models to Software Specifications. Wiley, ISBN 978-0-470-01270-3.Google ScholarDigital Library
- Lei, Y., Singh, M. P. 1997. A Comparison of Workflow Meta-models. In Proceeding of the ER'97 workshop on Behavioral Models and Design Transformations: Issues and Opportunities in Conceptual Modeling (Los Angeles, California, November 6 - 7, 1997).Google Scholar
- List, B., Korherr, B. 2006. An Evaluation of Conceptual Business Process Modeling Languages. In the Proceeding of the 2006 ACM Symposium on Applied Computing (Dijon, France, April 23-27, 2006). SAC'06, 1532--1539. DOI= http://doi.acm.org/10.1145/1141277.1141633 Google ScholarDigital Library
- Liu, L., Yu, E., Mylopoulos, J. 2003. Security and Privacy Requirements Analysis within a Social Setting. In Proceeding of the 11th IEEE Int. Conf. on Requir. Eng. (Monterey Bay, California, USA, September 8-12, 2003). IEEE Computer Society, 151--161. DOI= http://doi.ieeecomputersociety.org/10.1109/ICRE.2003.1232 746 Google ScholarDigital Library
- Massacci, F., Zannone, N. 2008. A Model-Driven Approach for the Specification and Analysis of Access Control Policies. In the Proceeding of the int. conf. On the Move to Meaningful Internet Systems (Monterrey, Mexico, November 9-14, 2008). OTM'08, 1087--1103. DOI= http://dx.doi.org/10.1007/978-3-540-88873-4_11. Google ScholarDigital Library
- Mead, N. R., Viswanathan, V., Zhan, J. 2008. Incorporating Security Requirements Engineering into the Rational Unified Process. In Proceeding of the 2008 Int. conf. on Information Security and Assurance (Busan, Korea, April 24 - 26, 2008). ISA'08, IEEE Computer Society, 537--542. DOI= http://dx.doi.org/10.1109/ISA.2008.19 Google ScholarDigital Library
- Mellado, D., Fernández-Medina, M., Piattini, M. 2007. A Common Criteria Based Security Requirements Engineering Process for the Development of Secure Information Systems. Comp. Stand. Inter., 29, 2 (Feb. 2007), 244--253. DOI= http://dx.doi.org/10.1016/j.csi.2006.04.002 Google ScholarDigital Library
- Mouratidis, H. 2009. Secure Tropos: An Agent Oriented Software Engineering Methodology for the Development of Health and Social Care Information Systems. Int. J. Comp. Sci. Secur., 3, 3, 241--271.Google Scholar
- OMG. 2009. Business Process Model and Notation Specification, http://www.omg.org/spec/BPMN/1.2.Google Scholar
- Saidani, O., Nurcan, S. 2006. A Role-Based Approach for Modelling Flexible Business Processes. In Proceeding of the CAISE 2006 workshop on Business Process Modelling, Development, and Support (Luxemburg, June 5 - 9, 2006) BPMDS'06, CEUR-WS.org, 111--120.Google Scholar
- Sindre, G., Firesmith, D. G., Opdahl, A. L. 2003. A Reuse-Based Approach to Determining Security Requirements. In Proceeding of the 9th Int. workshop on Requirements Engineering: Foundation for Software Quality (Klagenfurt, Velden, Austria June 16 - 17,2003). REFSQ'03, 16--17.Google Scholar
- Sindre, G., Opdahl, A. 2005. Eliciting Security Requirements with Misuse Cases. Requir. Eng. 10, 1 (Jan. 2005), 34--44. DOI= http://dx.doi.org/10.1007/s00766-004-0194-4. Google ScholarDigital Library
- Susi, A., Perini, A., Mylopoulos, J., Giorgini, F. 2005. The Tropos Meta-model and its Use. Informatica, 29, 4, 401--408.Google Scholar
- Villarroel, R., Fernández-Medina, E., Piattini, M. 2005. Secure Information Systems Development - a survey and comparison. Comp. Secur. 24, 4 (Jun. 2005) 308--321. DOI= http://dx.doi.org/10.1016/j.cose.2004.09.011Google Scholar
- Wang, J. He, K., Gong, P., Wang C., Peng, P., Li, B. 2008. RGPS: A Unified Requirements Meta-Modeling Frame for Networked Software. In the Proceeding of the 3rd Int. Workshop on Applications and Advances of Problem Frames (Leipzig, Germany, May 10, 2008). IWAAPF'08 at ICSE'08, ACM, 29--35. DOI= http://doi.acm.org/10.1145/1370811.1370817 Google ScholarDigital Library
- Yu, E., Strohmaier, M., Deng, X. 2006. Exploring Intentional Modeling and Analysis for Enterprise Architecture. In Proceeding of the 10th IEEE on Int. Enterprise Distributed Object Computing Conference Workshops (Hong Kong, China, October 16-20, 2006). EDOCW'06. IEEE Computer Society, 32--32. DOI= http://dx.doi.org/10.1109/EDOCW.2006.36 Google ScholarDigital Library
- Zannone, N. 2009. The Si* Modeling Framework: Metamodel and Applications. Int. J. Softw. Eng. and Know. Eng., 19, 5, (Aug., 2009), 727--746. DOI= http://dx.doi.org/10.1142/S02181940090043Google Scholar
Index Terms
- A conceptual meta-model for secured information systems
Recommendations
Permanent protection of information systems with method of automated security and integrity control
SIN '10: Proceedings of the 3rd international conference on Security of information and networksInformation security is very important nowadays. Every IT system needs protection mechanisms for stability and safety of work. To solve this task, there are proposed a variety of security-providing solutions, but most of them are very expensive and non-...
Customized blockchain-based architecture for secure smart home for lightweight IoT
Highlights- A novel Blockchain-based solution for secure smart home systems, using a combined hyperledger fabric and hyperledger composer.
AbstractSafeguarding security and privacy remains a major challenge with regards to the Internet of Things (IoT) primarily due to the large scale and distribution of IoT networks. The information systems in Smart Homes are mainly based on ...
An information flow control meta-model
SACMAT '13: Proceedings of the 18th ACM symposium on Access control models and technologiesIn this paper a meta-model for information flow control is defined using the foundation of Barker's access control meta-model. The purposes for defining this meta-model is to achieve a more principled understanding of information flow control, to ...
Comments