DISI Security Research Group Wiki

User Tools

Site Tools

Trace:
security_requirements_engineering

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
security_requirements_engineering [2013/04/02 17:04] fabio.massacci@unitn.itsecurity_requirements_engineering [2021/01/29 10:58] (current) – external edit 127.0.0.1
Line 54: Line 54:
   * Nicola Zannone   * Nicola Zannone
  
-==== Projects ====+===== Projects =====
  
 This activity was supported by a number of project This activity was supported by a number of project
Line 62: Line 62:
   * SERENITY    * SERENITY 
  
-==== Publications ====+===== Publications ====
 + 
 +==== 2013 ==== 
 +  * Tran L.M.S and Massacci F.: UNICORN: A Tool for Modeling and Reasoning on the Uncertainty of Requirements Evolutions. In: //CAiSE 2013 - Forum// {{:research_activities:security_requirements_engineering:tran-caiseforum13.pdf|PDF}} {{:research_activities:security_requirements_engineering:poster-tran-massacci-caiseforum.pdf|Poster}} 
 +  * Tran L.M.S.: Early Dealing with Evolving Risks in Software Systems. In: //The 3rd International Workshop on Information Systems Security Engineering (WISSE'13)//, co-located with CAiSE 2013, 17-21 June 2013, Valencia, Spain. {{:research_activities:security_requirements_engineering:tran-wisse13.pdf|PDF}}
    
 +==== 2012 ====
 +
   * Massacci F., Nagaraj D., Paci F., Tran L.M.S, Tedeschi, A. Assessing a Requirements Evolution Approach: Empirical Studies in the Air Traffic Management Domain. In Proceedings of International Workshop on Empirical Requirements Engineering (EmpiRE), 49--56, 2012.{{research_activities:security_requirements_engineering:mass-etal-empire2012.pdf|PDF}}.   * Massacci F., Nagaraj D., Paci F., Tran L.M.S, Tedeschi, A. Assessing a Requirements Evolution Approach: Empirical Studies in the Air Traffic Management Domain. In Proceedings of International Workshop on Empirical Requirements Engineering (EmpiRE), 49--56, 2012.{{research_activities:security_requirements_engineering:mass-etal-empire2012.pdf|PDF}}.
   * Paci F., Massacci F., Bouquet F.,  Debricon, S.Managing Evolution by Orchestrating Requirements and Testing Engineering Processes. In Proceedings of the Third International Workshop on Security Testing (SecTest), 834--841, 2012.{{sectest2012-paci.pdf|PDF}}   * Paci F., Massacci F., Bouquet F.,  Debricon, S.Managing Evolution by Orchestrating Requirements and Testing Engineering Processes. In Proceedings of the Third International Workshop on Security Testing (SecTest), 834--841, 2012.{{sectest2012-paci.pdf|PDF}}
 +
 +==== 2011 ====
   *  Asnar, Y., Li, T., Massacci, F., Paci, F. Computer Aided Threat Identification. In Proceedings of the IEEE Conference on Commerce and Enterprise Computing (CEC), 145--52, 2011.{{cec.pdf|PDF}}   *  Asnar, Y., Li, T., Massacci, F., Paci, F. Computer Aided Threat Identification. In Proceedings of the IEEE Conference on Commerce and Enterprise Computing (CEC), 145--52, 2011.{{cec.pdf|PDF}}
   *  Felix, E., Delande, O., Massacci, F., Paci, F. Managing Changes with Legacy Security Engineering Processes.In Proceedings of the IEEE Intelligence and Security Informatics Conference (ISI), 137--142, 2011.{{isi.pdf|PDF}}   *  Felix, E., Delande, O., Massacci, F., Paci, F. Managing Changes with Legacy Security Engineering Processes.In Proceedings of the IEEE Intelligence and Security Informatics Conference (ISI), 137--142, 2011.{{isi.pdf|PDF}}
Line 71: Line 79:
   * Bergmann, G., Massacci, F., Paci, F., Tun, T.T, Varro, D., Yu, Y. A Tool for ManagingEvolving Security Requirements. In Proceedings of CAISE'11 FORUM, 110--125, 2011.{{bergmann-caise-forum.pdf|PDF}}   * Bergmann, G., Massacci, F., Paci, F., Tun, T.T, Varro, D., Yu, Y. A Tool for ManagingEvolving Security Requirements. In Proceedings of CAISE'11 FORUM, 110--125, 2011.{{bergmann-caise-forum.pdf|PDF}}
   * Massacci, F., Mylopoulos, J., Paci, f.,Tun, T.T, Yu, Y. An extended Ontology for Security Requirements.In Proceedings of The First International Workshop on Information Systems Security Engineering (WISSE), 622--636, 2011.{{wisse-cameraready-paper7.pdf|PDF}}   * Massacci, F., Mylopoulos, J., Paci, f.,Tun, T.T, Yu, Y. An extended Ontology for Security Requirements.In Proceedings of The First International Workshop on Information Systems Security Engineering (WISSE), 622--636, 2011.{{wisse-cameraready-paper7.pdf|PDF}}
 +  * F. Massacci and N. Zannone. Detecting Conflicts between Functional and Security Requirements with Secure Tropos: John Rusnak and the Allied Irish Bank. In Social Modeling for Requirements Engineering. MIT Press. A very interesting case study.{{:research_activities:security_requirements_engineering:mass-zann-08-mitbook.pdf|PDF}}
 +  * L.M.S.Tran and F.Massacci. //Dealing with Known Unknowns: Towards a Game-Theoretic Foundation for Software Requirement Evolution//. In Proceeding of the 23rd International Conference on Advanced Information Systems Engineering (CAiSE'11) London, June 2011.{{:research_activities:security_requirements_engineering:forcaise-camera.pdf|PDF}}
 +  * L.M.S.Tran. //Requirement Evolution: Towards a Methodology and Framework//. In the CAiSE Doctoral Consortium 2011. London, June 2011. {{:research_activities:security_requirements_engineering:caise-dc-mst.pdf|PDF}}
   * Asnar Y., Massacci F., Saïdane A., Riccucci C., Felici M., Tedeschi A., El Khoury P., Li K., Seguran M., Zannone N.: Organizational Patterns for Security and Dependability: From Design to Application. International //Journal of Secure Software Engineering// 2(3):1-22 (2011)   * Asnar Y., Massacci F., Saïdane A., Riccucci C., Felici M., Tedeschi A., El Khoury P., Li K., Seguran M., Zannone N.: Organizational Patterns for Security and Dependability: From Design to Application. International //Journal of Secure Software Engineering// 2(3):1-22 (2011)
 +
 +==== Earlier papers ====
 +
   * Compagna L., El Khoury P., Massacci F., Saïdane A.: A Dynamic Security Framework for Ambient Intelligent Systems: A Smart-Home Based eHealth Application. Transactions on Computational Science 10:1-24 (2010)   * Compagna L., El Khoury P., Massacci F., Saïdane A.: A Dynamic Security Framework for Ambient Intelligent Systems: A Smart-Home Based eHealth Application. Transactions on Computational Science 10:1-24 (2010)
-  * Compagna L., El Khoury P., Krausová A., Massacci F, and Zannone N..How to integrate legal requirements into a requirements engineering methodology for the development of security and privacy patterns. //Artificial Intelligence and Law Journal// 17(1):1-30, 2009. +  * Compagna L., El Khoury P., Krausová A., Massacci F, and Zannone N..How to integrate legal requirements into a requirements engineering methodology for the development of security and privacy patterns. //Artificial Intelligence and Law Journal// 17(1):1-30, 2009.{{:research_activities:security_requirements_engineering:comp-etal-09-ailaw.pdf|PDF}} 
-  * Massacci F., and Mylopoulos J., Zannone N. Computer-aided Support for Secure Tropos. //Automated Software Engineering.// 14(3): 341-364, 2007+  * Massacci F., and Mylopoulos J., Zannone N. Computer-aided Support for Secure Tropos. //Automated Software Engineering.// 14(3): 341-364, 2007 {{:research_activities:security_requirements_engineering:mass-mylo-zann-07-asej.pdf|PDF}}. A comprehensive tutorial on the tool.
   * Massacci F., Mylopoulos J., Zannone N., "From Hippocratic Databases to Secure Tropos: a Computer-Aided Re-Engineering Approach". //International Journal of Software engineering and Knowledge Engineering//, 17(2):265-284, 2007.   * Massacci F., Mylopoulos J., Zannone N., "From Hippocratic Databases to Secure Tropos: a Computer-Aided Re-Engineering Approach". //International Journal of Software engineering and Knowledge Engineering//, 17(2):265-284, 2007.
-  * Giorgini P., Massacci F., Mylopoulos J., Zannone N., "Requirements Engineering for Trust Management: Model, Methodology, and Reasoning". //International Journal of Information Security//, 5(4):257-274, 2006. +  * Y. Asnar, R. Bonato, P. Giorgini, F. Massacci, V. Meduri, C. Ricucci and A. Saidane. Secure and Dependable Patterns in Organizations: An Empirical Approach. In //Proc. of IEEE RE'07, Industry Paper Track// IEEE Press 2007 
-  * Massacci F., Prest M., Zannone N., "Using a Security Requirements Engineering Methodology in Practice: the compliance with the Italian Data Protection Legislation". //Computer Standards & Interfaces//, 2005, v. 27, n. 5, p. 445-455.+  * F. Massacci, J. Mylopoulos and N. Zannone. Hierarchical Hippocratic Databases with Minimal Disclosure for Virtual Organizations. //The VLDB Journal//. 2006. {{:research_activities:security_requirements_engineering:mass-mylo-zann-06-vldbj.pdf|PDF}}. AN application of the methodology based on goal model to extract schemas for hippocratic databases. 
 +  * Giorgini P., Massacci F., Mylopoulos J., Zannone N., "Requirements Engineering for Trust Management: Model, Methodology, and Reasoning". //International Journal of Information Security//, 5(4):257-274, 2006. {{:research_activities:security_requirements_engineering:gior-mass-mylo-zann-06-ijis.pdf|PDF}}. An introduction to the methodology. 
 +  * P. Giorgini, F. Massacci, J. Mylopoulos and N. Zannone. Detecting Conflicts of Interest. In Proc. of IEEE RE'06. pages 315-318. IEEE Press, 2006. 
 +  * Massacci F., Prest M., Zannone N., "Using a Security Requirements Engineering Methodology in Practice: the compliance with the Italian Data Protection Legislation". //Computer Standards & Interfaces//, 2005, v. 27, n. 5, p. 445-455. {{:research_activities:security_requirements_engineering:mass-pres-zann-05-csi.pdf|PDF}}. One of our earliest papers and the most cited journal one. 
 +  * //**P. Giorgini, F. Massacci, J. Mylopoulos, N. Zannone: Modeling Security Requirements Through Ownership, Permission and Delegation. In Proc. of IEEE RE'05, IEEE Press 2005. (Ten Years Most Influential Paper IEEE RE 2015). {{:research_activities:security_requirements_engineering:gior-mass-mylo-zann-05-rea.pdf|PDF}}**// 
 +  * P. Giorgini, F. Massacci, J. Mylopoulos, N. Zannone: Modeling Social and Individual Trust in Requirements Engineering Methodologies. In Proc. of iTrust'05 LNCS Springer 2005. PDF 
  
-==== Talks and Tutorials ====+===== Talks and Tutorials =====
  
   * Y. Asnar and Fabio Massacci. //Managing Security in Services - a Goal & Process Approach//. Tutorial at the IEEE International Conference on Intelligence and Security Informatics. 2011 {{research_activities:security_requirements_engineering:tutorial-isi-2011.pdf|Tutorial Material}}.   * Y. Asnar and Fabio Massacci. //Managing Security in Services - a Goal & Process Approach//. Tutorial at the IEEE International Conference on Intelligence and Security Informatics. 2011 {{research_activities:security_requirements_engineering:tutorial-isi-2011.pdf|Tutorial Material}}.
 +  * Y. Asnar, H. W. Lim, F. Massacci, C. Worledge: Realizing Trustworthy Business Services by A New GRC. The //ISACA Journal// Online edition 2010. {{:research_activities:security_requirements_engineering:asna-etal-09-isacaj.pdf|PDF}}
 +===== Software =====
  
-==== Software ====+  *[[http://disi.unitn.it/~tran/pmwiki/pmwiki.php/Main/Unicorn|UNICORN ]]: a tool for modeling and reasoning on the uncertainty of requirements evolutions.  This is an Eclipse-based tool that aims to supports the modeling and reasoning on the uncertainty of requirements evolution. The tool provides graphical constructs as well as different views of requirements evolution to assist users to model requirements evolution. The reasoning facilitates the selection of design alternatives.
  
 +  *A very old tool that we used in the first papers is here. http://sesa.dit.unitn.it/sistar_tool 
security_requirements_engineering.1364915083.txt.gz · Last modified: (external edit)
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki