A Social Ontology for Integrating Security and Software Engineering

E. Yu (University of Toronto, Canada), L. Liu (Tsinghua University, China), and J. Mylopoulos (University of Toronto, Canada)
DOI: 10.4018/978-1-60566-060-8.ch048

As software becomes more and more entrenched in everyday life in today’s society, security looms large as an unsolved problem. Despite advances in security mechanisms and technologies, most software systems in the world remain precarious and vulnerable. There is now widespread recognition that security cannot be achieved by technology alone. All software systems are ultimately embedded in some human social environment. The effectiveness of the system depends very much on the forces in that environment. Yet there are few systematic techniques for treating the social context of security together with technical system design in an integral way. In this chapter, we argue that a social ontology at the core of a requirements engineering process can be the basis for integrating security into a requirements-driven software engineering process. We describe the i* agent-oriented modelling framework and show how it can be used to model and reason about security concerns and responses. A smart card example is used to illustrate. Future directions for a social paradigm for security and software engineering are discussed.
