MODELING SECURE SYSTEMS USING AN AGENT-ORIENTED APPROACH AND SECURITY PATTERNS
- 1 June 2006
- journal article
- Published by World Scientific Pub Co Pte Ltd in International Journal of Software Engineering and Knowledge Engineering
- Vol. 16 (3) , 471-498
- https://doi.org/10.1142/s0218194006002823
Abstract
In this paper we describe an approach for modeling security issues in information systems. It is based on an agent-oriented approach, and extends it with the use of security patterns. Agent-oriented software engineering provides advantages when modeling security issues, since agents are often a natural way of conceptualizing an information system, in particular at the requirements stage, when the viewpoints of multiple stakeholders need to be considered. Our approach uses the Tropos methodology for modeling a system as a set of agents and their social dependencies, with specific extensions for representing security constraints. As an extension to the existing methodology we propose the use of security patterns. These patterns capture proven solutions to common security issues, and support the systematic and structured mapping of these constraints to an architectural model of the system, in particular for non-security specialists.Keywords
This publication has 5 references indexed in Scilit:
- Specifying and analyzing early requirements in TroposRequirements Engineering, 2004
- Tropos: An Agent-Oriented Software Development MethodologyAutonomous Agents and Multi-Agent Systems, 2004
- Security Engineering with PatternsPublished by Springer Nature ,2003
- Non-Functional Requirements in Software EngineeringPublished by Springer Nature ,2000
- Goal-directed requirements acquisitionScience of Computer Programming, 1993