Secure Tropos

Project Details


The Secure Tropos methodology (Mouratidis, 2004) is based on the principle that security should be analysed and considered from the early stages of the software system development process and not added as an afterthought. As such, the methodology provides a modelling language, a security-aware process and a set of algorithms to support the analysis and consideration of security from the early stages of the development process.

The Secure Tropos language consists of a set of concepts from the requirements engineering domain, and in particular Goal-Oriented Requirements Engineering, such as actor, goal, plan and dependency enriched with concepts from security engineering such as security constraint, security objective and attacks.

The process in Secure Tropos is one of analysing the security needs of the stakeholders and the system in terms of security constraints, imposed on the stakeholders and the system, identifying security objectives that guarantee the satisfaction of these security constraints, and assigning secure plans and resources to the system to help towards the satisfaction of the security objectives.

The common approach towards the inclusion of security within a software system is to identify security requirements after the definition of a system. This typically means that security enforcement mechanisms have to be fitted into a pre-existing design, leading to serious design challenges that usually translate into the emergence of computer systems afflicted with security vulnerabilities.

Moreover, security is traditionally approached as a technical issue that requires a technical solution. This treatment of security has led to the development of a number of security mechanisms and protocols that on one hand are successfully used in modern software systems but, on the other hand, have failed to ensure an acceptable degree of security.

Security of software systems has been transformed from a mono-dimensional technical issue to a two-dimensional issue that includes a technical dimension (related to challenges and problems associated to the available technology and the infrastructure of software systems) and a social dimension (which includes issues and problems related to the correct elicitation and analysis of security requirements and the involvement of humans in securing software systems). To effectively consider both dimensions, the research literature argues that it is essential for security to be considered from the early stages and throughout the software development lifecycle and a sound software engineering methodology needs to be developed that supports the simultaneous analysis of both dimensions of security.

Secure Tropos is a security-aware software systems development methodology, which combines requirements engineering concepts, such as actor, goal, plan together with security engineering concepts such as threat, security constraint and security mechanism, under a unified process to support the analysis and development of secure and trustworthy software systems.

Key findings

The original version of the methodology (2003-2013) was based on an adapted version of the i* language and the Tropos methodology development stages. Version 2 of the methodology (2013-) includes a number of enhancements such as a new streamlined security-aware process, a new set of security related concepts that enhance the security analysis, and a new set of techniques that enable automatic analysis of various security aspects of the system under development.

The methodology is supported by the SecTro tool, which supports the development of Secure Tropos models, it provides a set of analysis techniques and it enables the automatic generation of WORD and PDF files.

The SecTro is a comprehensive CASE tool, which supports the second version of Secure Tropos methodology. It is the second iteration of the dedicated tool which aims to be stable even with very large models, easy to use, provide automation and assistive features and build a solid base for future improvements.

> All views of the same system are combined into single model for clutter-less management
> Views are automatically synchronised between each other to ease the design process
> Automatic model integrity checks are performed during modelling activities
> Easy model sharing and documentation capabilities:
       »Models can be saved to various image formats
       »Models or parts of them can be sent to a printer
       »Recently introduced report generation allows exporting model reports as Word and PDF formats
> Models can be analysed running several analysis methods (e.g. Security Constraints analysis, Threat mitigation analysis)
> The Design Pattern Library (DPL) add-on allows capturing meaningful parts of models and reusing them later:
       »Automated design pattern insertion into currently open model/view
       »Design patterns can be chained into meaningful sets
       »Design patterns can be exported and imported as XML file for easy sharing
       »Each saved design pattern comes with a graphical representation
> Models can be exported into XML file:
       »Default XML export mode (i.e. all data from the model)
       »Transformed to a required XML structure by supplying XSLT file. XSLT files can be saved in the SecTro2 database and reused any time
Effective start/end date1/01/0331/12/18


  • Cyber security


Explore the research topics touched on by this project. These labels are generated based on the underlying awards/grants. Together they form a unique fingerprint.