Security Requirements Engineering
Designing Secure Socio-Technical Systems
by Dalpiaz, Paja, Giorgini
ISBN: 9780262364089 | Copyright 2016
Instructor Requests
Security requirements engineering is especially challenging because designers must consider not just the software under design but also interactions among people, organizations, hardware, and software. Taking this broader perspective means designing a secure socio-technical system rather than a merely technical system. This book presents a novel, model-driven approach to designing secure socio-technical systems. It introduces the Socio-Technical Modeling Language (STS-ML) and presents a freely available software tool, STS-Tool, that supports this design approach through graphical modeling, automated reasoning capabilities to verify the models constructed, and the automatic derivation of security requirements documents.
After an introduction to security requirements engineering and an overview of computer and information security, the book presents the STS-ML modeling language, introducing the modeling concepts used, explaining how to use STS-ML within the STS method for security requirements, and providing guidelines for the creation of models. The book then puts the STS approach into practice, introducing the STS-Tool and presenting two case studies from industry: an online collaborative platform and an e-Government system. Finally, the book considers other methods that can be used in conjunction with the STS method or that constitute an alternative to it. The book is suitable for course use or as a reference for practitioners. Exercises, review questions, and problems appear at the end of each chapter.
Information security concerns are becoming crucial in a society that increasingly relies on socio-technical systems, where humans and organizations live in cyberspaces governed by technology. How can designers be guided to understand security requirements? How can these be formulated as explicit design goals? How can development of complex socio-technical systems follow such requirements? No other book presently answers these questions. Thanks to the didactic effort of world-leading researchers, you can find a comprehensive set of answers in this book.
Carlo Ghezzi Professor of Software Engineering, Politecnico di Milano
Software-intensive systems do not operate in a vacuum: they are typically part of a social environment in which they affect and are affected by phenomena in the real world. This also means that such systems can be adversely affected by misuse—intentional or malicious—and, therefore, engineers increasingly carry the responsibility of developing systems that also address a range of security requirements, which also need to be understood, communicated, and subsequently, implemented. This book is a welcome and timely contribution to research and practice in this crucial area of engineering secure systems. Its focus on security requirements deals squarely with the challenge at source: the problem world, where assets, threats, and malicious agents reside.
Bashar Nuseibeh Professor of Computing, The Open University; Professor of Software Engineering, Lero
| Expand/Collapse All | |
|---|---|
| Contents (pg. vii) | |
| List of Figures (pg. xiii) | |
| List of Tables (pg. xvii) | |
| Preface (pg. xix) | |
| I INTRODUCTION (pg. 1) | |
| 1 Security Requirements Engineering (pg. 3) | |
| 1.1 The dawn of security requirements engineering (pg. 3) | |
| 1.2 The era of socio-technical systems (pg. 5) | |
| 1.3 Security in socio-technical systems (pg. 6) | |
| 1.4 On the need of a new approach (pg. 7) | |
| 1.5 Running example: healthcare (pg. 8) | |
| 2 An Overview of Computer and Information Security (pg. 11) | |
| 2.1 A security taxonomy (pg. 12) | |
| 2.2 Managing security: threat and risk analysis (pg. 16) | |
| 2.3 Security mechanisms (pg. 22) | |
| 2.4 Chapter summary (pg. 27) | |
| 2.5 Exercises (pg. 27) | |
| II THE STS-ml MODELING LANGUAGE (pg. 29) | |
| 3 The Socio-Technical Security Modeling Language (pg. 31) | |
| 3.1 The ten design principles for STS-ml (pg. 31) | |
| 3.2 Representing actors in socio-technical systems (pg. 35) | |
| 3.3 Modeling the interactions among actors (pg. 46) | |
| 3.4 Events and threats (pg. 51) | |
| 3.5 Expressing security requirements in STS-ml (pg. 52) | |
| 3.6 Chapter summary (pg. 69) | |
| 3.7 Exercises (pg. 70) | |
| 4 Social, Information, and Authorization Views (pg. 73) | |
| 4.1 Multi-view modeling in STS-ml (pg. 73) | |
| 4.2 Social view (pg. 74) | |
| 4.3 Information view (pg. 87) | |
| 4.4 Authorization view (pg. 90) | |
| 4.5 Chapter summary (pg. 93) | |
| 4.6 Exercises (pg. 94) | |
| III FROM STS-ml TO THE STS METHOD (pg. 97) | |
| 5 Automated Analysis of STS-ml Models (pg. 99) | |
| 5.1 Model well-formedness analysis (pg. 100) | |
| 5.2 Requirements conflict analysis: security analysis (pg. 103) | |
| 5.3 Threat analysis (pg. 112) | |
| 5.4 Improving a model through analysis (pg. 114) | |
| 5.5 Chapter summary (pg. 116) | |
| 5.6 Exercises (pg. 117) | |
| 6 The Socio-Technical Security Method (pg. 119) | |
| 6.1 Method overview (pg. 119) | |
| 6.2 STS as part of software/systems engineering methods (pg. 121) | |
| 6.3 Process and roles (pg. 121) | |
| 6.4 Phase 1: social modeling (pg. 124) | |
| 6.5 Phase 2: information modeling (pg. 125) | |
| 6.6 Phase 3: authorization modeling (pg. 126) | |
| 6.7 Phase 4: automated analysis (pg. 126) | |
| 6.8 Phase 5: specification (pg. 127) | |
| 6.9 Chapter summary (pg. 128) | |
| 6.10 Exercises (pg. 128) | |
| IV STS IN PRACTICE: TOOL AND CASE STUDIES (pg. 131) | |
| 7 STS-Tool (pg. 133) | |
| 7.1 Modeling features (pg. 133) | |
| 7.2 Analysis support (pg. 135) | |
| 7.3 Security requirements derivation (pg. 136) | |
| 7.4 Architectural overview (pg. 139) | |
| 7.5 Chapter summary (pg. 140) | |
| 7.6 Exercises (pg. 141) | |
| 8 STS Method in Action (pg. 143) | |
| 8.1 Trentino as a Lab (pg. 143) | |
| 8.2 E-Government (pg. 158) | |
| 8.3 Chapter summary (pg. 171) | |
| 8.4 Exercises (pg. 171) | |
| V BEYOND THE STS METHOD (pg. 173) | |
| 9 Alternative and Complementary Approaches (pg. 175) | |
| 9.1 Extensions of use cases (pg. 175) | |
| 9.2 Anti-goals (pg. 178) | |
| 9.3 Abuse frames (pg. 179) | |
| 9.4 SecureUML (pg. 181) | |
| 9.5 UMLsec (pg. 182) | |
| 9.6 Secure Tropos (pg. 184) | |
| 9.7 SI* (pg. 185) | |
| 9.8 SecBPMN (pg. 188) | |
| 9.9 SQUARE (pg. 189) | |
| 9.10 STRIDE (pg. 191) | |
| 9.11 Security patterns (pg. 192) | |
| 9.12 Summary (pg. 192) | |
| 9.13 Exercises (pg. 194) | |
| Bibliography (pg. 195) | |
| Index (pg. 199) | |
Fabiano Dalpiaz
Fabiano Dalpiaz is Assistant Professor in the Department of Information and Computing Sciences at Utrecht University, the Netherlands.
Elda Paja
Elda Paja is a Postdoctoral Research Fellow in the Department of Engineering and Computer Science at the University of Trento, Italy.
Paolo Giorgini
Paolo Giorgini is Associate Professor in the Department of Engineering and Computer Science at the University of Trento.
| Instructors Only | |
|---|---|
|
You must have an instructor account and submit a request to access instructor materials for this book.
|
|
eTextbook
Go paperless today! Available online anytime, nothing to download or install.
Features
|
