In this paper we describe an approach for modeling security issues in information systems. It is based on an agent-oriented approach, and extends it with the use of security patterns. Agent-oriented software engineering provides advantages when modeling security issues, since agents are often a natural way of conceptualizing an information system, in particular at the requirements stage, when the viewpoints of multiple stakeholders need to be considered. Our approach uses the Tropos methodology for modeling a system as a set of agents and their social dependencies, with specific extensions for representing security constraints. As an extension to the existing methodology we propose the use of security patterns. These patterns capture proven solutions to common security issues, and support the systematic and structured mapping of these constraints to an architectural model of the system, in particular for non-security specialists.

Additional Metadata
Keywords Agent-oriented software engineering, Patterns, Security, Tropos
Persistent URL dx.doi.org/10.1142/S0218194006002823
Journal International Journal of Software Engineering and Knowledge Engineering
Citation
Mouratidis, H. (Haralambos), Weiss, M, & Giorgini, P. (Paolo). (2006). Modeling secure systems using an agent-oriented approach and security patterns. International Journal of Software Engineering and Knowledge Engineering, 16(3), 471–498. doi:10.1142/S0218194006002823