A Social Ontology for Integrating Security and Software Engineering

E. Yu (University of Toronto, Canada), L. Liu (Tsinghua University, China) and J. Mylopoulous (University of Toronto, Canada)
DOI: 10.4018/978-1-59904-147-6.ch004
As software becomes more and more entrenched in everyday life in today’s society, security looms large as an unsolved problem. Despite advances in security mechanisms and technologies, most software systems in the world remain precarious and vulnerable. There is now widespread recognition that security cannot be achieved by technology alone. All software systems are ultimately embedded in some human social environment. The effectiveness of the system depends very much on the forces in that environment. Yet there are few systematic techniques for treating the social context of security together with technical system design in an integral way. In this chapter, we argue that a social ontology at the core of a requirements engineering process can be the basis for integrating security into a requirements-driven software engineering process. We describe the i* agent-oriented modelling framework and show how it can be used to model and reason about security concerns and responses. A smart card example is used to illustrate. Future directions for a social paradigm for security and software engineering are discussed.

Complete Chapter List

Table of Contents
Bashar Nuseibeh
Paolo Giorgini, Haralambos Mouratidis
Chapter 1
H. Mouratidis, P. Giorgini
This chapter serves as an introduction to this book. It introduces software engineering, security engineering, and secure software engineering...
Integrating Security and Software Engineering: An Introduction
Chapter 2
C. B. Haley, R. Laney, J. D. Moffett, B. Nuseibeh
This chapter presents a process for security requirements elicitation and analysis, based around the construction of a satisfaction argument for the...
Arguing Satisfaction of Security Requirements
Chapter 3
N. R. Mead
In this chapter, we describe general issues in developing security requirements, methods that have been useful, and a method (SQUARE) that can be...
Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method
Chapter 4
E. Yu, L. Liu, J. Mylopoulous
As software becomes more and more entrenched in everyday life in today’s society, security looms large as an unsolved problem. Despite advances in...
A Social Ontology for Integrating Security and Software Engineering
Chapter 5
E. B. Fernandez, M. M. Larrondo-Petrie, T. Sorgente, M. Vanhilst
We are developing a methodology to build secure software for complex applications and its related support. This methodology considers the whole...
A Methodology to Develop Secure Systems Using Patterns
Chapter 6
M. Weiss
While many theoretical approaches to security engineering exist, they are often limited to systems of a certain complexity, and require security...
Modelling Security Patterns Using NFR Analysis
Chapter 7
M. Siponen, R. Baskerville, R. Kuivalainen
Software developers can use agile software development methods to build secure information systems. Current agile methods have few (if any) explicit...
Extending Security in Agile Software Development Methods
Chapter 8
P. Giorgini, H. Mouratidis, N. Zannone
Although the concepts of security and trust play an important issue in the development of information systems, they have been mainly neglected by...
Modelling Security and Trust with Secure Tropos
Chapter 9
S. H. Houmb, G. Georg, J. Jurjens, R. France
This chapter describes the integrated security verification and security solution design trade-off analysis (SVDT) approach. SVDT is useful when...
An Integrated Security Verification and Security Solution Design Trade-Off Analysis Approach
Chapter 10
M. Koch, F. Parisi-Presicce, K. Pauls
Security requirements have become an integral part of most modern software systems. In order to produce secure systems, it is necessary to provide...
Access Control Specification in UML
Chapter 11
A. Mana, C. Rudolph, G. Spanoudakis, V. Lotz, F. Massacci, M. Melideo, J. S. Lopez-Cobo
The scenarios of Ambient Intelligence introduce a new computing paradigm and set new challenges for the design and engineering of secure and...
Security Engineering for Ambient Intelligence: A Manifesto
Chapter 12
H. Mouratidis, P. Giorgini
The previous chapters of this book have presented promising approaches in the secure software engineering field. However, the field is still in its...
Integrating Security and Software Engineering: Future Vision and Challenges
About the Authors