Secure Tropos

A goal-based requirements language for expressing security concerns.
Specurity Aspects
Name
Description
A restriction related to security issues, such as privacy, integrity and availability, which can influence the analysis and design of a multi-agent system under development by restricting some alternative design solutions, by conflicting with some of the requirements of the system, or by refining some of the system’s objectives.
Both the depender and the dependee must agree for the fulfillment of the security constraint in order for the secure dependency to be valid. That means the depender expects from the dependee to satisfy the security constraint(s) and also that the dependee will make an effort to deliver the dependum by satisfying the security constraint(s).
Represents a secure goal, a secure task or a secure resource.
The identification of security needs of the system-to-be, problems related to the security of the system, such as threats and vulnerabilities, and also possible solutions (usually these solutions are identified in terms of a security policy that the organisation might have) to the security problems.
Specification Elements
Name
Description
A security constraint is captured through a specialization of constraint and it is defined as a restriction related to security issues, such as privacy, integrity and availability, which can influence the analysis and design of a multiagent system under development by restricting some alternative design solutions, by conflicting with some of the requirements of the system, or by refining some of the system’s objectives. Graphically, security constraints are modelled as clouds within which the description of the (security) constraint is shown.
A secure goal represents the strategic interests of an actor with respect to security.
A secure task is defined as a task that represents a particular way for satisfying a secure goal.
A secure resource can be defined as an informational entity that is related to the security of the multiagent system.
Security features represent security-related attributes that the system under development must demonstrate. Examples of security features are privacy, availability, and integrity.
Protection objectives represent a set of principles or rules that contribute towards the achievement of the security features. These principles identify possible solutions to the security problems and usually they can be found in the form of the security policy of the organisation. Examples of protection objectives are authorisation, cryptography and accountability.
Security mechanisms represent standard security methods for helping towards the satisfaction of the protection objectives. Some of these methods are able to prevent security attacks, whereas others are able only to detect security breaches.
Threats represent circumstances that have the potential to cause loss; or problems that can put in danger the security features of the system. Examples of threats are social engineering, password sniffing and eavesdropping attacks.

  • Security Aspects

    • Constraint and Security Constraint

      A restriction related to security issues, such as privacy, integrity and availability, which can influence the analysis and design of a multi-agent system under development by restricting some alternative design solutions, by conflicting with some of the requirements of the system, or by refining some of the system’s objectives.
      Specification Elements:
      Constraint Label
      Threats:
      Tampering with Data
      Denial of Service
      Information Disclosure

    • Secure Dependency

      Both the depender and the dependee must agree for the fulfillment of the security constraint in order for the secure dependency to be valid. That means the depender expects from the dependee to satisfy the security constraint(s) and also that the dependee will make an effort to deliver the dependum by satisfying the security constraint(s).
      Specification Elements:
      Constraint Label
      Threats:
      Tampering with Data
      Denial of Service
      Information Disclosure

    • Secure Entities

      Represents a secure goal, a secure task or a secure resource.
      Specification Elements:
      Secure Goal Label
      Secure Task Label
      Secure Resource Label
      Threats:
      Tampering with Data
      Denial of Service
      Information Disclosure

    • Security Reference

      The identification of security needs of the system-to-be, problems related to the security of the system, such as threats and vulnerabilities, and also possible solutions (usually these solutions are identified in terms of a security policy that the organisation might have) to the security problems.
      Specification Elements:
      Security Feature
      Protection Objective
      Security Mechanism
      Threat
      Threats:
      Spoofing
      Tampering with Data
      Repudiation
      Information Disclosure
      Denial of Service
      Elevation of Privileges

    Specification Elements

    • Constraint Label

      A security constraint is captured through a specialization of constraint and it is defined as a restriction related to security issues, such as privacy, integrity and availability, which can influence the analysis and design of a multiagent system under development by restricting some alternative design solutions, by conflicting with some of the requirements of the system, or by refining some of the system’s objectives. Graphically, security constraints are modelled as clouds within which the description of the (security) constraint is shown.
      Applies to:
      Entity

    • Secure Goal Label

      A secure goal represents the strategic interests of an actor with respect to security.
      Applies to:
      Entity

    • Secure Task Label

      A secure task is defined as a task that represents a particular way for satisfying a secure goal.
      Applies to:
      Activity

    • Secure Resource Label

      A secure resource can be defined as an informational entity that is related to the security of the multiagent system.
      Applies to:
      Entity
      Component

    • Security Feature

      Security features represent security-related attributes that the system under development must demonstrate. Examples of security features are privacy, availability, and integrity.
      Applies to:
      Activity
      Component
      Entity
      Data

    • Protection Objective

      Protection objectives represent a set of principles or rules that contribute towards the achievement of the security features. These principles identify possible solutions to the security problems and usually they can be found in the form of the security policy of the organisation. Examples of protection objectives are authorisation, cryptography and accountability.
      Applies to:
      Activity
      Component
      Entity
      Data

    • Security Mechanism

      Security mechanisms represent standard security methods for helping towards the satisfaction of the protection objectives. Some of these methods are able to prevent security attacks, whereas others are able only to detect security breaches.
      Applies to:
      Activity

    • Threat

      Threats represent circumstances that have the potential to cause loss; or problems that can put in danger the security features of the system. Examples of threats are social engineering, password sniffing and eavesdropping attacks.
      Applies to:
      Activity
      Component
      Entity
      Data