Annotated Bib.: Designing security requirements models through planning

[1] V. Bryl, F. Massacci, J. Mylopoulos, and N. Zannone. Designing security requirements models through planning. In E. Dubois and K. Pohl, editors, CAiSE, volume 4001 of Lecture Notes in Computer Science, pages 33–47. Springer, 2006.

This paper is about having a requirements engineering methodology that addresses security, it uses Secure Tropos to extend it and build on it to get to the required result.

The paper started by stating how important is security and trust in the design of the system and the software, and then showed that the proposed solutions are largely domain-specific. the paper also detailed the process that security might be needed in during the design.

in the second part the paper explained the Secure tropos framework, and showed how it is the best choice to bullied on top of it; as it is able to describe both the system-to-be and its organizational environment starting with early phases of the system development process. The section also described the requirements verification process.

The third section talked about the design in the planning phase. section four was about the Domain, and section 5 was about delegation and contract. All these three section contributed toward the extended framework. It used a running example of a health insurance case, to describe the new framework.

Section 6 compared between several off-the-shelf planer to use one of them on association with the new extension. Analysing and comprising was based on 4 requirements. At the end and after a thrall comparison the "LPG-td" was chosen to be the planer to be used in the framework. After that the paper discussed related work.

The paper conclude that within the new extended Secure Tropos framework it is possible to automatically support the designer of secure and trusted systems also in the automatic selection of design alternatives, and it is possible with the use of an off-the-shelf planner to generate possible designs for not trivial security requirements.

Relation to research on hand, This paper might be focused more on Software engineering, and building secure softwares, but it is related on the methodology, where the same idea and approach can be used in BPM, and the secure tropos framework can be used to build business process models, so the new framework can be used to build models that includes security aspects in it.