Article Preview
TopIntroduction
Security and Dependability (S&D) are critical aspects in the development of IT systems (Anderson, 2001). The usual approach towards the inclusion of S&D concerns within a system is to identify security requirements after system design. Unfortunately, this makes the process inefficient and error-prone, mainly because security mechanisms have to be fitted into a pre-existing design which may not be able to accommodate them.
The literature in requirements engineering has highlighted the importance of analyzing S&D aspects since the early phases of the software development process (Giorgini et al., 2005a; Liu et al., 2003). It is also well accepted that S&D cannot be considered as purely technical issues but should be analyzed together with the organizational environment (Anderson, 1993). In this direction, goal-oriented approaches (Dardenne et al., 1993; Bresciani et al., 2004) have gained momentum in the community showing their relevance to model and analyze security issues within the organizational setting. This has spurred the definition of several goal-oriented frameworks for security requirements engineering (e.g., Giorgini et al., 2005a; Elahi et al., 2007). Requirements analysis, thus, is an iterative process where domain experts and analysts have to collaborate to elicit and analyze S&D requirements, besides the functional requirements of socio-technical systems. Often these security needs are common or “similar” to problems that security experts have seen before, and consequently the solution can be “similar” as well. The idea of using S&D patterns to provide solution to security requirements stems from this simple observation above. Patterns have been adopted into software engineering as a method for object-based reuse (Gamma et al., 1994) and security patterns (Yoder et al., 1997; Schumacher, 2003) have been proposed to capture and structure collective experience in the S&D domains and make this know-how available and exploitable for application designers. This transfer of knowledge is intended to improve the quality of the developed systems from an S&D point of view. However, most S&D patterns presents in the literature are technical patterns. Here we focus on organizational patterns where we consider the overall interactions between human and software components and the relative dependencies.
This article presents the process for capturing, validating, and applying S&D organizational patterns. Our proposed patterns have been used in widely different industrial contexts: Air Traffic Management (ATM) and e-Health Smart Items. In our work, we have adopted the SI* modeling framework (Massacci et al., 2008), an agent, goal-oriented framework that extends the i* framework (Yu, 1997) with the concepts of ownership, trust, delegation, and event for capturing and analyzing security and trust requirements of socio-technical systems (Giorgini et al., 2005a), designing access control policies (Massacci et al., 2008), and risk analysis (Asnar et al., 2008). In this article, we show how the SI* framework has been used by industries for the capturing of S&D organizational patterns and their validation by proof-of-concept implementation. We also discuss how patterns can be applied to a system so that it has a sufficient level of security.