Security Requirements Engineering: Designing Secure Socio-Technical Systems

ISBN-10: 0262034212
ISBN-13: 9780262034210
Pub. Date: 01/22/2016
Publisher: MIT Press
Hardcover, $55.00


Overview

A novel, model-driven approach to security requirements engineering that focuses on socio-technical systems rather than merely technical systems.

Security requirements engineering is especially challenging because designers must consider not just the software under design but also interactions among people, organizations, hardware, and software. Taking this broader perspective means designing a secure socio-technical system rather than a merely technical system. This book presents a novel, model-driven approach to designing secure socio-technical systems. It introduces the Socio-Technical Modeling Language (STS-ML) and presents a freely available software tool, STS-Tool, that supports this design approach through graphical modeling, automated reasoning capabilities to verify the models constructed, and the automatic derivation of security requirements documents.

After an introduction to security requirements engineering and an overview of computer and information security, the book presents the STS-ML modeling language, introducing the modeling concepts used, explaining how to use STS-ML within the STS method for security requirements, and providing guidelines for the creation of models. The book then puts the STS approach into practice, introducing the STS-Tool and presenting two case studies from industry: an online collaborative platform and an e-Government system. Finally, the book considers other methods that can be used in conjunction with the STS method or that constitute an alternative to it. The book is suitable for course use or as a reference for practitioners. Exercises, review questions, and problems appear at the end of each chapter.


Product Details

ISBN-13: 9780262034210
Publisher: MIT Press
Publication date: 01/22/2016
Series: Information Systems
Edition description: New Edition
Pages: 224
Product dimensions: 7.00(w) x 9.10(h) x 0.70(d)
Age Range: 18 Years

About the Author

Fabiano Dalpiaz is Assistant Professor in the Department of Information and Computing Sciences at Utrecht University, the Netherlands.

Elda Paja is a Postdoctoral Research Fellow in the Department of Engineering and Computer Science at the University of Trento, Italy.

Paolo Giorgini is Associate Professor in the Department of Engineering and Computer Science at the University of Trento.

Table of Contents

List of Figures xiii

List of Tables xvii

Preface xix

I Introduction 1

1 Security Requirements Engineering 3

1.1 The dawn of security requirements engineering 3

1.2 The era of socio-technical systems 5

1.3 Security in socio-technical systems 6

1.4 On the need of a new approach 7

1.5 Running example: healthcare 8

2 An Overview of Computer and Information Security 11

2.1 A security taxonomy 12

2.1.1 Confidentiality 12

2.1.2 Integrity 13

2.1.3 Availability 14

2.1.4 Authenticity

2.1.5 Reliability 15

2.1.6 Accountability 15

2.2 Managing security: threat and risk analysis 16

2.2.1 Identification of assets and threats 17

2.2.2 Finding and assessing vulnerabilities 18

2.2.3 Risk assessment 20

2.2.4 Risk response: counter measures 20

2.3 Security mechanisms 22

2.4 Chapter summary 27

2.5 Exercises 27

Review questions 27

II The STS-ml Modeling Language 29

3 The Socio-Technical Security Modeling Language 31

3.1 The ten design principles for STS-ml 31

3.2 Representing actors in socio-technical systems 35

3.2.1 Actor types 35

3.2.2 Actor assets 37

3.2.3 Actor models 41

3.2.4 Structuring information and documents 45

3.3 Modeling the interactions among actors 46

3.4 Events and threats 51

3.5 Expressing security requirements in STS-ml 52

3.5.1 Confidentiality 53

3.5.2 Integrity 58

3.5.3 Availability 60

3.5.4 Authenticity 62

3.5.5 Reliability 64

3.5.6 Accountability 66

3.6 Chapter summary 69

3.7 Exercises 70

Review questions 70

Problems 71

4 Social, Information, and Authorization Views 73

4.1 Multi-view modeling in STS-ml 73

4.2 Social view 74

4.2.1 Concepts and intentional relationships 75

4.2.2 Social relationships 81

4.2.3 Events and threats 82

4.2.4 Security requirements in the social view 82

4.3 Information view 87

4.4 Authorization view 90

4.5 Chapter summary 93

4.6 Exercises 94

Review questions 94

Problems 94

III From STS-ml to the STS Method 97

5 Automated Analysis of STS-ml Models 99

5.1 Model well-formedness analysis 100

5.1.1 Empty diagram 100

5.1.2 Goal single decomposition 100

5.1.3 Delegation child cycle 101

5.1.4 Documents part-of cycle 101

5.1.5 Information part-of cycle 101

5.1.6 Information without ownership 102

5.1.7 Authorizations validity 102

5.1.8 Duplicate authorizations 102

5.2 Requirements conflict analysis: security analysis 103

5.2.1 Conflicting authorizations 103

5.2.2 Conflicts between business policies and security requirements 105

5.3 Threat analysis 112

5.4 Improving a model through analysis 114

5.4.1 Well-formedness analysis 114

5.4.2 Security analysis 115

5.4.3 Threat analysis 116

5.5 Chapter summary 116

5.6 Exercises 117

Review questions 117

Problems 117

6 The Socio-Technical Security Method 119

6.1 Method overview 119

6.2 STS as part of software/systems engineering methods 121

6.3 Process and roles 121

6.4 Phase 1: social modeling 124

6.5 Phase 2: information modeling 125

6.6 Phase 3: authorization modeling 126

6.7 Phase 4: automated analysis 126

6.8 Phase 5: specification 127

6.9 Chapter summary 128

6.10 Exercises 128

Review questions 128

Problems 128

IV STS in Practice: Tool and Case Studies 131

7 STS-Tool 133

7.1 Modeling features 133

7.2 Analysis support 135

7.3 Security requirements derivation 136

7.4 Architectural overview 139

7.5 Chapter summary 140

7.6 Exercises 141

Review questions 141

Problems 141

8 STS Method in Action 143

8.1 Trentino as a Lab 143

8.1.1 Social modeling 144

8.1.2 Information modeling 149

8.1.3 Authorization modeling 152

8.1.4 Automated analysis 154

8.1.5 Specification 158

8.2 E-Government 158

8.2.1 Social modeling 160

8.2.2 Information modeling 163

8.2.3 Authorization modeling 165

8.2.4 Automated analysis 167

8.2.5 Specification 170

8.3 Chapter summary 171

8.4 Exercises 171

Review questions 171

Problems 172

V Beyond the STS Method 173

9 Alternative and Complementary Approaches 175

9.1 Extensions of use cases 175

9.2 Anti-goals 178

9.3 Abuse frames 179

9.4 SecureUML 181

9.5 UMLsec 182

9.6 Secure Tropos 184

9.7 SI* 185

9.8 SecBPMN 188

9.9 SQUARE 189

9.10 STRIDE 191

9.11 Security patterns 192

9.12 Summary 192

9.13 Exercises 194

Review questions 194

Bibliography 195

Index 199

What People are Saying About This

Carlo Ghezzi, Professor of Software Engineering, Politecnico di Milano

Information security concerns are becoming crucial in a society that increasingly relies on socio-technical systems, where humans and organizations live in cyberspaces governed by technology. How can designers be guided to understand security requirements? How can these be formulated as explicit design goals? How can development of complex socio-technical systems follow such requirements? No other book presently answers these questions. Thanks to the didactic effort of world-leading researchers, you can find a comprehensive set of answers in this book.

Bashar Nuseibeh, Professor of Computing, The Open University; Professor of Software Engineering, Lero

Software-intensive systems do not operate in a vacuum: they are typically part of a social environment in which they affect and are affected by phenomena in the real world. This also means that such systems can be adversely affected by misuse—intentional or malicious—and, therefore, engineers increasingly carry the responsibility of developing systems that also address a range of security requirements, which also need to be understood, communicated, and subsequently, implemented. This book is a welcome and timely contribution to research and practice in this crucial area of engineering secure systems. Its focus on security requirements deals squarely with the challenge at source: the problem world, where assets, threats, and malicious agents reside.
