Automatic translation of elicited consumer security requirements at high level (problem space) into application or service level security requirements (solution space) has been traditionally the Achilles’ heel of security requirements engineering. Such automated translation would result in significant failure and cost reduction in application development and maintenance, particularly in those complex applications based on compositions and choreographies of services. In this paper we present a framework which makes a step forward to solve this dilemma. The framework supports the engineering of composite service security and trust requirements directly derived from the organisational needs expressed for such service. The followed approach starts with the modelling of organisation actors’ objectives and commitments among these actors, and follows with the transformation of such commitments into security elements in the service business process specification and into a consumer security policy which the service will need to be compliant with.

(2014). From Consumer Requirements to Policies in Secure Services . Retrieved from https://hdl.handle.net/10446/324069

From Consumer Requirements to Policies in Secure Services

Salnitri, Mattia
2014-01-01

Abstract

Automatic translation of elicited consumer security requirements at high level (problem space) into application or service level security requirements (solution space) has been traditionally the Achilles’ heel of security requirements engineering. Such automated translation would result in significant failure and cost reduction in application development and maintenance, particularly in those complex applications based on compositions and choreographies of services. In this paper we present a framework which makes a step forward to solve this dilemma. The framework supports the engineering of composite service security and trust requirements directly derived from the organisational needs expressed for such service. The followed approach starts with the modelling of organisation actors’ objectives and commitments among these actors, and follows with the transformation of such commitments into security elements in the service business process specification and into a consumer security policy which the service will need to be compliant with.
WOS:000354789000008
2-s2.0-84949126903
scientifica
Inglese
2014
Secure and Trustworthy Service Composition. The Aniketos Approach
Brucker, Achim D.; Dalpiaz, Fabiano; Giorgini, Paolo; Meland, Per Håkon; Rios, Erkuden
cartaceo
online
9783319135175
LECTURE NOTES IN COMPUTER SCIENCE
8900
79
94
Switzerland
Cham
Springer
Settore IINF-05/A - Sistemi di elaborazione delle informazioni
BPMN; Consumer policy; Requirements; Security; Service composition; Transformation
info:eu-repo/semantics/bookPart
(2014). From Consumer Requirements to Policies in Secure Services . Retrieved from https://hdl.handle.net/10446/324069
reserved
1.2 Contributi in volume - Book chapters::1.2.01 Contributi in volume (Capitoli o Saggi) - Book Chapters/Essays
Non definito
Rios, Erkuden; Malmignati, Francesco; Iturbe, Eider; D'Errico, Michela; Salnitri, Mattia
5
268
File allegato/i alla scheda:
File Dimensione del file Formato  
From Consumer Requirements.pdf

Solo gestori di archivio

Versione: publisher's version - versione editoriale
Licenza: Licenza default Aisberg
Dimensione del file 936.07 kB
Formato Adobe PDF
  Visualizza/Apri
936.07 kB Adobe PDF   Visualizza/Apri
Pubblicazioni consigliate

Aisberg ©2008 Servizi bibliotecari, Università degli studi di Bergamo | Terms of use/Condizioni di utilizzo

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/10446/324069
Citazioni
  • Scopus 0
  • ???jsp.display-item.citation.isi??? 0
social impact