Funded under various schemes
Software systems are becoming increasingly critical in every domain of human society: transportation, telecommunications, entertainment, health care, the military, education and so on; the list is almost endless. These systems are used not only by major corporations and governments but also across networks of organizations and by individual users. Such wide use means that these systems hold a large amount of critical information and processes that must remain secure. Therefore, although it is important to ensure that software systems are developed according to user needs, it is equally important to ensure that they are secure.
However, the common approach to including security in a software system is to identify security requirements after the system has been defined. This typically means that security enforcement mechanisms have to be fitted into a pre-existing design, leading to serious design challenges that usually result in computer systems afflicted with security vulnerabilities. Moreover, security is traditionally approached as a technical issue that requires a technical solution. This treatment of security has led to the development of a number of security mechanisms and protocols that, on the one hand, are successfully used in modern software systems but, on the other hand, have failed to ensure an acceptable degree of security.
The security of software systems has been transformed from a one-dimensional technical issue into a two-dimensional issue with a technical dimension (challenges and problems associated with the available technology and the infrastructure of software systems) and a social dimension (issues and problems related to the correct elicitation and analysis of security requirements and the involvement of humans in securing software systems). To consider both dimensions effectively, the research literature argues that security must be considered from the early stages and throughout the software development lifecycle, and that a sound software engineering methodology needs to be developed that supports the simultaneous analysis of both dimensions of security.
Secure Tropos is based on the Tropos methodology, which uses the concepts of actor (an entity that has strategic goals and intentionality), goal (an actor's strategic interest), soft-goal (a goal without clear criteria for deciding whether it is satisfied), task (a way of doing something), resource (a physical or informational entity without intentionality) and social dependency (one actor depends on another in order to attain some goal, execute some task, or deliver a resource).
Secure Tropos extends the Tropos methodology by adding security concerns to the development process. In particular, it extends both the Tropos language and its development process. The language extension consists of redefining existing concepts with security in mind and introducing new concepts:
The Secure Tropos process consists of analysing the security needs of the stakeholders and the system in terms of security constraints imposed on them, identifying secure entities that guarantee the satisfaction of those constraints, and assigning capabilities to the system that help satisfy the secure entities. In particular, as in Tropos, the Secure Tropos methodology covers four main phases:
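To make the concepts above concrete (actors, goals, soft-goals, tasks, resources and social dependencies from the Tropos paragraph, and security constraints, secure entities and capabilities from the process description), here is a small added example in Python. It is not code from the Secure Tropos project or its tools; the data structures, the hospital scenario and the consistency checks are assumptions chosen for illustration. It encodes a constructed model and then runs the three checks a security requirements analyst would want: every dependency refers to known actors, every security constraint is guaranteed by at least one secure entity, and every secure entity is assigned to some actor's capabilities.

```python
"""Toy Secure Tropos model with a consistency analysis.

The representation (dataclasses, field names, check messages) is an
assumption for illustration, not the Secure Tropos tool's own format.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set

DEPENDUM_KINDS = {"goal", "soft-goal", "task", "resource"}


@dataclass(frozen=True)
class Dependency:
    depender: str   # actor that depends on another
    dependee: str   # actor being depended upon
    dependum: str   # name of the goal, soft-goal, task or resource delegated
    kind: str       # one of DEPENDUM_KINDS


@dataclass(frozen=True)
class SecurityConstraint:
    name: str
    restricts: str    # actor name or dependum name the constraint applies to
    imposed_by: str   # stakeholder that imposes the constraint


@dataclass(frozen=True)
class SecureEntity:
    name: str
    kind: str         # "secure goal", "secure task" or "secure resource"
    satisfies: str    # name of the security constraint it guarantees


@dataclass
class SecureTroposModel:
    actors: Set[str] = field(default_factory=set)
    dependencies: List[Dependency] = field(default_factory=list)
    constraints: List[SecurityConstraint] = field(default_factory=list)
    secure_entities: List[SecureEntity] = field(default_factory=list)
    # actor name -> names of secure entities that actor is able to realise
    capabilities: Dict[str, Set[str]] = field(default_factory=dict)

    def assign_capability(self, actor: str, entity: str) -> None:
        self.capabilities.setdefault(actor, set()).add(entity)

    def analyse(self) -> List[str]:
        """Return human-readable findings; an empty list means consistent."""
        findings: List[str] = []
        for d in self.dependencies:
            if d.kind not in DEPENDUM_KINDS:
                findings.append(f"dependency '{d.dependum}' has unknown kind '{d.kind}'")
            for a in (d.depender, d.dependee):
                if a not in self.actors:
                    findings.append(f"dependency '{d.dependum}' refers to unknown actor '{a}'")
        known_targets = self.actors | {d.dependum for d in self.dependencies}
        guaranteed = {e.satisfies for e in self.secure_entities}
        for c in self.constraints:
            if c.restricts not in known_targets:
                findings.append(f"security constraint '{c.name}' restricts unknown element '{c.restricts}'")
            if c.name not in guaranteed:
                findings.append(f"security constraint '{c.name}' has no secure entity guaranteeing it")
        constraint_names = {c.name for c in self.constraints}
        realised = set().union(*self.capabilities.values())
        for e in self.secure_entities:
            if e.satisfies not in constraint_names:
                findings.append(f"{e.kind} '{e.name}' refers to unknown constraint '{e.satisfies}'")
            if e.name not in realised:
                findings.append(f"{e.kind} '{e.name}' is not assigned to any actor's capabilities")
        return findings


def build_example() -> SecureTroposModel:
    """Constructed hospital scenario with one deliberately unguaranteed constraint."""
    m = SecureTroposModel(actors={"Patient", "Hospital", "Hospital Information System"})
    m.dependencies += [
        Dependency("Patient", "Hospital", "Receive treatment", "goal"),
        Dependency("Patient", "Hospital", "Privacy respected", "soft-goal"),
        Dependency("Hospital", "Patient", "Medical history", "resource"),
        Dependency("Hospital", "Hospital Information System", "Store medical record", "task"),
    ]
    m.constraints += [
        SecurityConstraint("Keep medical history confidential", "Medical history", "Patient"),
        SecurityConstraint("Share record only with treating staff", "Store medical record", "Hospital"),
    ]
    m.secure_entities += [
        SecureEntity("Ensure confidentiality of medical history", "secure goal",
                     "Keep medical history confidential"),
        SecureEntity("Encrypt record at rest", "secure task", "Keep medical history confidential"),
    ]
    m.assign_capability("Hospital", "Ensure confidentiality of medical history")
    m.assign_capability("Hospital Information System", "Encrypt record at rest")
    return m


def fix_example() -> SecureTroposModel:
    """Close the gap reported by analyse(): add a secure task and a capability for it."""
    m = build_example()
    m.secure_entities.append(SecureEntity("Enforce role-based access to records", "secure task",
                                          "Share record only with treating staff"))
    m.assign_capability("Hospital Information System", "Enforce role-based access to records")
    return m


if __name__ == "__main__":
    for finding in build_example().analyse() or ["model is consistent"]:
        print(finding)
```

Running the block reports that the constraint imposed by the hospital on record storage has no secure entity guaranteeing it; `fix_example()` shows the remedy the process calls for, namely adding a secure entity and assigning a capability for it to the system actor, after which `analyse()` returns no findings.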