In this paper we describe an approach for modeling security issues in information systems. It is based on an agent-oriented approach, and extends it with the use of security patterns. Agent-oriented software engineering provides advantages when modeling security issues, since agents are often a natural way of conceptualizing an information system, in particular at the requirements stage, when the viewpoints of multiple stakeholders need to be considered. Our approach uses the Tropos methodology for modeling a system as a set of agents and their social dependencies, with specific extensions for representing security constraints. As an extension to the existing methodology we propose the use of security patterns. These patterns capture proven solutions to common security issues, and support the systematic and structured mapping of these constraints to an architectural model of the system, in particular for non-security specialists.

, , ,
International Journal of Software Engineering and Knowledge Engineering
Department of Systems and Computer Engineering

Mouratidis, H. (Haralambos), Weiss, M, & Giorgini, P. (Paolo). (2006). Modeling secure systems using an agent-oriented approach and security patterns. International Journal of Software Engineering and Knowledge Engineering, 16(3), 471–498. doi:10.1142/S0218194006002823