A CASE tool to support automated modelling and analysis of security requirements

Book chapter

Pavlidis, Michalis, Islam, S. and Mouratidis, Haralambos 2012. A CASE tool to support automated modelling and analysis of security requirements. in: IS Olympics: Information Systems in a Diverse World Springer.

Publication dates
Authors	Pavlidis, Michalis, Islam, S. and Mouratidis, Haralambos
Abstract	Secure Tropos, an extension of the Tropos methodology, considers security requirements alongside functional requirements, from the early stages of the system development process. The Secure Tropos language uses security concepts such as security constraint, secure goal, secure plan, secure resource, and threat to capture the security concepts from both social and organisational settings. These concepts are used to model and reason about security for a specific system context. This paper presents a CASE tool, called SecTro, which supports automated modelling and analysis of security requirements based on Secure Tropos. The tool’s architecture, layout, and functionalities are demonstrated through a real world example using the Secure Tropos concepts.
Keywords	security; goal modelling
Book title	IS Olympics: Information Systems in a Diverse World
Year	2012
Publisher	Springer
Print	2012
Publication process dates
Deposited	04 May 2012
Series	Lecture Notes in Business Information Processing
ISBN	978-3-642-29749-6
	978-3-642-29748-9
ISSN	1865-1348
Web address (URL)	http://hdl.handle.net/10552/1578
Additional information	Citation: Pavlidis, M., Islam, S. and Mouratidis, H. (2012), 'A CASE tool to support automated modelling and analysis of security requirements', Lecture Notes in Business Information Processing, 107, pp 95-109 [IS Olympics: Information Systems in a Diverse World ].
Journal	Lecture Notes in Business Information Processing
Accepted author manuscript	5.pdf License CC BY-ND

Permalink -

https://repository.uel.ac.uk/item/85zz4

9
total views
10
total downloads
2
views this month
1
downloads this month

Related outputs

Cyber Security Threat Modeling for Supply Chain Organizational Environments

Yeboah-Ofori, Abel and Islam, S. 2019. Cyber Security Threat Modeling for Supply Chain Organizational Environments. Future Internet. 11 (3), p. Art. 63.

An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System

Kure, H., Islam, S. and Razzaque, Mohammad 2018. An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System. Applied Sciences. 8 (6), p. Art. 898.

E-Government Maturity Model for Sustainable E-Government Services from the Perspective of Developing Countries

Joshi, P. and Islam, S. 2018. E-Government Maturity Model for Sustainable E-Government Services from the Perspective of Developing Countries. Sustainability. 10 (6), p. Art. 1882.

A dynamic access control model using authorising workflow and task-role based access control

Uddin, M. and Islam, S. 2019. A dynamic access control model using authorising workflow and task-role based access control. IEEE Access.

Managing Social Engineering Attacks- Considering Human Factors and Security Investment

Alavi, R., Islam, S., Mouratidis, Haralambos and Lee, Sin Wee 2015. Managing Social Engineering Attacks- Considering Human Factors and Security Investment. in: Clarke, Nathan and Furnell, Steven (ed.) Proceedings of the Ninth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015) Plymouth University. pp. 161-171

Agile Changes of Security Landscape: A Human Factors and Security Investment View

Alavi, R. and Islam, S. 2016. Agile Changes of Security Landscape: A Human Factors and Security Investment View. in: Clarke, Nathan and Furnell, Steven (ed.) Proceedings of the Tenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2016) Plymouth University.

A Risk Management Framework for Cloud Migration Decision Support

Islam, S., Fenz, Stefan, Weippl, Edgar and Mouratidis, Haralambos 2017. A Risk Management Framework for Cloud Migration Decision Support. Journal of Risk and Financial Management. 10 (2), p. 10.

A Decision Framework Model for Migration into Cloud: Business, Application, Security and Privacy Perspectives

Islam, S., Weippl, Edgar R. and Krombholz, Katharina 2014. A Decision Framework Model for Migration into Cloud: Business, Application, Security and Privacy Perspectives. in: Proceedings of the 16th International Conference on Information Integration and Web-based Applications & Services New York, NY, USA ACM. pp. 185-189

Sustainability forecast for cloud migration

Rahman, Alifah Aida Lope Abdul and Islam, S. 2015. Sustainability forecast for cloud migration. in: IEEE 9th International Symposium on the Maintenance and Evolution of Service-Oriented and Cloud-Based Environments (MESOCA) IEEE. pp. 31-35

Cloud Security Audit for Migration and Continuous Monitoring

Ismail, Umar Mukhtar, Islam, S. and Mouratidis, Haralambos 2015. Cloud Security Audit for Migration and Continuous Monitoring. in: 2015 IEEE Trustcom/BigDataSE/ISPA IEEE.

Measuring sustainability for an effective Information System audit from public organization perspective

Lope Abdul Rahman, Alifah Aida, Islam, S. and Al-Nemrat, A. 2015. Measuring sustainability for an effective Information System audit from public organization perspective. in: Research Challenges in Information Science (RCIS), 2015 IEEE 9th International Conference on IEEE. pp. 42-51

Towards Cloud Security Monitoring: A Case Study

Ismail, Umar Mukhtar, Islam, S. and Islam, S. 2016. Towards Cloud Security Monitoring: A Case Study. in: 2016 Cybersecurity and Cyberforensics Conference (CCC) IEEE.

Migration goals and risk management in cloud computing: A review of state of the art and survey results on practitioners

Islam, S., Fenz, Stefan, Weippl, Edgar and Kalloniatis, Christos 2016. Migration goals and risk management in cloud computing: A review of state of the art and survey results on practitioners. International Journal of Secure Software Engineering. 7 (3), pp. 44-73.

A framework to support selection of cloud providers based on security and privacy requirements

Mouratidis, Haralambos, Islam, S., Kalloniatis, Christos and Gritzalis, Stefanos 2013. A framework to support selection of cloud providers based on security and privacy requirements. Journal of Systems and Software. 86 (9), pp. 2276-2293.

Evaluating cloud deployment scenarios based on security and privacy requirements

Kalloniatis, Christos, Mouratidis, Haralambos and Islam, S. 2013. Evaluating cloud deployment scenarios based on security and privacy requirements. Requirements Engineering. 18 (4), pp. 299-319.

An empirical study on the implementation and evaluation of a goal-driven software development risk management model

Islam, S., Mouratidis, Haralambos and Weippl, Edgar R. 2013. An empirical study on the implementation and evaluation of a goal-driven software development risk management model. Information and Software Technology. 56 (2), pp. 117-133.

Towards the design of secure and privacy-oriented Information systems in the cloud: Identifying the major concepts

Kalloniatis, Christos, Mouratidis, Haralambos, Vassilis, Manousakis, Islam, S., Gritzalis, Stefanos and Kavakli, Evangelia 2013. Towards the design of secure and privacy-oriented Information systems in the cloud: Identifying the major concepts. Computer Standards and Interfaces. 36 (4), pp. 759-775.

Assurance of security and privacy requirements for cloud deployment model

Islam, S., Ouedraogo, Moussa, Kalloniatis, Christos, Mouratidis, Haralambos and Gritzalis, Stephanos 2015. Assurance of security and privacy requirements for cloud deployment model. IEEE Transactions on Cloud Computing. PP (99).

An information security risk-driven investment model for analysing human factors

Alavi, R., Islam, S. and Mouratidis, Haralambos 2016. An information security risk-driven investment model for analysing human factors. Information and Computer Security. 24 (2), pp. 205-227.

A Framework for Security Transparency in Cloud Computing

Ismail, U., Islam, S., Ouedraogo, Moussa and Weippl, Edgar 2016. A Framework for Security Transparency in Cloud Computing. Future Internet. 8 (1), p. 5.

Human Factors in Software Security Risk Management

Islam, S. 2008. Human Factors in Software Security Risk Management. in: Proceedings of the first international workshop on Leadership and management in software architecture ACM. pp. 13-16

Software Development Risk Management Model – A Goal Driven Approach

Islam, S. 2009. Software Development Risk Management Model – A Goal Driven Approach. ESEC/FSE'09 Joint 12th European Software Engineering Conference (ESEC) and 17th ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE-17). Amsterdam, The Netherlands 24 - 28 Aug 2009 ACM.

Offshore-Outsourced Software Development Risk Management Model

Islam, S. 2009. Offshore-Outsourced Software Development Risk Management Model. pp. 514-519

Goal and Risk Factors in Offshore Outsourced Software Development From Vendor's Viewpoint

Islam, S. 2009. Goal and Risk Factors in Offshore Outsourced Software Development From Vendor's Viewpoint. 4th IEEE International Conference on Global Software Engineering. Limerick, Ireland 13 - 16 Jul 2009

Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec

Islam, S. 2009. Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec. Requirements Engineering Journal. 15 (1), pp. 63-93.

Towards a Framework to Elicit and Manage Security and Privacy Requirements from Laws and Regulations

Islam, S., Mouratidis, Haralambos and Wager, Stefan 2010. Towards a Framework to Elicit and Manage Security and Privacy Requirements from Laws and Regulations. in: Wieringa, Roel and Persson, Anne (ed.) Requirements Engineering: Foundation for Software Quality Springer.