Publication


Featured research published by Eric Dubois.


conference on advanced information systems engineering | 2008

Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development

Raimundas Matulevičius; Nicolas Mayer; Haralambos Mouratidis; Eric Dubois; Patrick Heymans; Nicolas Genon

Security is a major target for today's information systems (IS) designers. Security modelling languages exist to reason on security in the early phases of IS development, when the most crucial design decisions are made. Reasoning on security involves analysing risk, and effectively communicating risk-related information. However, we think that current languages can be improved in this respect. In this paper, we discuss this issue for Secure Tropos, the language supporting the eponymous agent-based IS development. We analyse it and suggest improvements in the light of an existing reference model for IS security risk management. This allows for checking Secure Tropos concepts and terminology against those of current risk management standards, thereby improving the conceptual appropriateness of the language. The paper follows a running example, called eSAP, located in the healthcare domain.


IESA | 2007

Requirements Engineering for Improving Business/IT Alignment in Security Risk Management Methods

Nicolas Mayer; Eric Dubois; André Rifaut

Information systems (IS) security within organizations is more and more focused around risk management approaches. Central to these approaches is the need for a better understanding of the required alignment between the business view of the organization and the architecture of its underlying IS. Through the use of requirements engineering techniques, the paper suggests how this business/IT interoperability issue is tackled together with the clarification of the underlying security risk management ontology.


information security | 1996

A framework for dealing with and specifying security requirements in information systems

Eric Dubois; Suchun Wu

As security is becoming increasingly important for an Information System (IS), specifying information system security is considered as a major priority in secure system development. In this paper we present a Requirements Engineering (RE) framework for dealing with and specifying IS security requirements. Within the framework, we propose to view security requirements as quality requirements so that a goal-oriented approach in the RE field can be applied to deal with them. In our study, specifying some security requirements is based on the Albert language, a new formal language for modelling functional requirements relating to distributed real-time systems.


ServiceWave '08 Proceedings of the 1st European Conference on Towards a Service-Based Internet | 2008

Managing the Alignment between Business and Software Services Requirements from a Capability Model Perspective

Eric Grandry; Eric Dubois; Michel Picard; André Rifaut

In this paper we introduce a framework for capturing and managing the requirements associated with the non-functional part of the services like service management, security management, assurance, for which norms, recommendations and good practices exist. The proposed framework considers these service requirements both from a business and a software perspective. The elicitation, the capture and the traceability issues related to these requirements are solved with goal-oriented requirements engineering techniques, while the structuring and the assessment of the requirements is based on the ISO/IEC-15504 standard. The overall framework is illustrated with a business case run by our research centre in a public/private partnership. It is associated with the design of project management services delivered through a portal and is focusing on the services management requirements in relation with the IT service management ISO/IEC 20000 norm.


ICEIMT/DIISM | 2004

If Business Models Could Speak! Efficient: a Framework for Appraisal, Design and Simulation of Electronic Business Transactions

Michael Schmitt; Bertrand Grégoire; Christophe Incoul; Sophie Ramel; Pierre Brimont; Eric Dubois

In this paper we investigate the development of an appropriate business model associated with B2B transactions, designed according to the newly introduced ebXML standards. We explain the added value of such business model in complement to the more technical models defined by ebXML. In particular we explain the importance of achieving a better definition of the economic value associated with a B2B transaction. Together with the proposed business model ontology we also introduce a tool for supporting its management as well as a simulation tool for supporting decision making between different models.


secure software integration and reliability improvement | 2010

An Agent-Based System to Support Assurance of Security Requirements

Moussa Ouedraogo; Haralambos Mouratidis; Djamel Khadraoui; Eric Dubois

Current approaches to evaluating security assurance either focus on the software development stage or at the end product software. However, most often, it is after the deployment or implementation phase that specified security requirements may be violated. This may be due to improper deployment of the security measures, environmental hazards or to the fact that the assumptions under which the security requirements have been specified have become invalid. As such, this paper proposes an approach (supported by a system) which will complement security requirements engineering methodologies by gathering continuous evidence to inform on whether the security requirements elucidated during system development stage have been correctly implemented and as such, they can be relied upon to effectively protect system assets at runtime. We use Secure Tropos methodology to highlight the security assurance case and elicit the features of our security assurance evaluation system. We further depict the security assurance evaluation through an example based on firewalls configurations.


international conference on internet monitoring and protection | 2009

Security Assurance Metrics and Aggregation Techniques for IT Systems

Moussa Ouedraogo; Haralambos Mouratidis; Djamel Khadraoui; Eric Dubois

Research literature has argued the need for a methodology to measure security assurance levels of a system as vital in order to maintain and improve the overall system security. Building on our close examination of the existing approaches for IT Information assurance, this paper proposes a risk-based security assurance metrics and aggregation techniques to be incorporated in a methodology for the evaluation of IT systems security assurance.


BSME | 2012

Capturing and Aligning Assurance Requirements for Business Services Systems

Eric Dubois; Sylvain Kubicki; Sophie Ramel; André Rifaut

In this chapter we introduce and illustrate a systematic and rigorous approach for the elicitation and the modelling of assurance requirements inherent to business services offered by a service system. The approach is based on guidelines provided by the ISO 15504 norm, which is applicable for the assessment of any type of process in order to check its compliance against assurance requirements. We explain how 15504 can be applied in the context of business services with the support provided by goal-oriented requirements engineering techniques like i*. Its use is illustrated through the handling of an excerpt of a real case from the construction sector complemented with expertise developed in IT service level management. While this chapter is focusing on the capture of business requirements and their transformation into a business oriented solution, we also briefly explain how this business view is part of a more complete methodology also encompassing the service value and the service software views associated with a service system.


AST/UCMA/ISA/ACN'10 Proceedings of the 2010 international conference on Advances in computer science and information technology | 2010

Information systems security criticality and assurance evaluation

Moussa Ouedraogo; Haralambos Mouratidis; Eric Dubois; Djamel Khadraoui

A prerequisite to implement effective and efficient Information Systems security measures is to have a clear understanding of both the business that the system will support and the importance of the system in the operating environment. Similarly, the evaluation of one's confidence in the deployed safeguarding measures, to adequately protect system assets, requires a better understanding of the security criticality of the system within its context of use (i.e. where is the system used and what for?). This paper proposes metrics as well as a methodology for the evaluation of operational systems security assurance. A critical feature of our approach is that assurance level is dependent on the measurement of security correctness and system security criticality. To that extent, we also propose a novel classification scheme for Information Systems based on their security criticality. Our work is illustrated with an application based on the case study of a Domain Name Server (DNS).


conference on communication networks and services research | 2009

A Risk Based Approach for Security Assurance Evaluation of IT Systems

Moussa Ouedraogo; Haralambos Mouratidis; Djamel Khadraoui; Eric Dubois

Research literature has argued the need for a methodology to measure security assurance levels of a system as vital in order to maintain and improve the overall system security. This paper proposes a risk-based security assurance metric and aggregation techniques to be incorporated in a methodology for the evaluation of IT systems security assurance.

Collaboration


Dive into Eric Dubois's collaboration.

Top Co-Authors

Olivier Boissier

École Normale Supérieure
