Haralambos Mouratidis

Integrating Security and Software Engineering: Advances and Future Visions

A Sample of Contents: Integrating Security and Software Engineering A Methodology to Develop Secure Systems Using Patterns Extending Security in Agile Software Development Methods Access Control Specification in UML.

Integrating security and systems engineering: towards the modelling of secure information systems

Security is a crucial issue for information systems. Traditionally, security is considered after the definition of the system. However, this approach often leads to problems, which translate into security vulnerabilities. From the viewpoint of the traditional security paradigm, it should be possible to eliminate such problems through better integration of security and systems engineering. This paper argues for the need to develop a methodology that considers security as an integral part of the whole system development process. The paper contributes to the current state of the art by proposing an approach that considers security concerns as an integral part of the entire system development process and by relating this approach with existing work. The different stages of the approach are described with the aid of a case study; a health and social care information system.

Modelling secure multiagent systems

Security plays an important role in the development of multiagent systems. However, a careful analysis of software development processes shows that the definition of security requirements is, usually, considered after the design of the system. This is, mainly, due to the fact that agent oriented software engineering methodologies have not integrated security concerns throughout their developing stages. The integration of security concerns during the whole range of the development stages could help towards the development of more secure multiagent systems. In this paper we introduce extensions to the Tropos methodology to enable it to model security concerns throughout the whole development process. A description of the new concepts is given along with an explanation of how these concepts are integrated to the current stages of Tropos. An example from the health care sector is used to illustrate the above.

An Ontology for Modelling Security: The Tropos Approach

It has been argued that security concerns should inform all the stages of the development process of an agent-based system. However, this is not the case since current agent-oriented methodologies do not, usually, consider security concepts within their modelling ontology. In this paper we present extensions to the Tropos ontology to enable it to model security.

MODELING SECURE SYSTEMS USING AN AGENT-ORIENTED APPROACH AND SECURITY PATTERNS

In this paper we describe an approach for modelling security issues in information systems. It is based on an agent-oriented approach, and extends it with the use of security patterns. Agent-oriented software engineering provides advantages when modeling security issues, since agents are often a natural way of conceptualizing an information system, in particular at the requirements stage, when the viewpoints of multiple stakeholders need to be considered. Our approach uses the Tropos methodology for modelling a system as a set of agents and their social dependencies, with specific extensions for representing security constraints. As an extension to the existing methodology we propose the use of security patterns. These patterns capture proven solutions to common security issues, and support the systematic and structured mapping of these constraints to an architectural model of the system, in particular for non-security specialists.