A Social Ontology for Integrating Security and Software Engineering

E. Yu (University of Toronto, Canada), L. Liu (Tsinghua University, China) and J. Mylopoulos (University of Toronto, Canada)
DOI: 10.4018/978-1-60566-036-3.ch010


As software becomes more and more entrenched in everyday life in today’s society, security looms large as an unsolved problem. Despite advances in security mechanisms and technologies, most software systems in the world remain precarious and vulnerable. There is now widespread recognition that security cannot be achieved by technology alone. All software systems are ultimately embedded in some human social environment. The effectiveness of the system depends very much on the forces in that environment. Yet there are few systematic techniques for treating the social context of security together with technical system design in an integral way. In this chapter, we argue that a social ontology at the core of a requirements engineering process can be the basis for integrating security into a requirements-driven software engineering process. We describe the i* agent-oriented modelling framework and show how it can be used to model and reason about security concerns and responses. A smart card example is used to illustrate. Future directions for a social paradigm for security and software engineering are discussed.
Chapter Preview


Despite ongoing advances in security technologies and software quality, new vulnerabilities continue to emerge. It is clear that there can be no perfect security. Security inevitably involves tradeoffs (Schneier, 2003). In practice, therefore, all one can hope for is “good enough” security (Sandhu, 2003).
