Modelling the Interplay of Security, Privacy and Trust in Sociotechnical Systems: A Computer-Aided Design Approach

Mattia Salnitri, Konstantinos Angelopoulos, Michalis Pavlidis, Vasiliki Diamantopoulou, Haris Mouratidis, Paolo Giorgini

Research output: Contribution to journal › Article

Abstract

Personal data have become a central asset for multiple enterprise applications and online services offered by private companies, public organisations or a combination of both. The sensitivity of such data and the continuously growing legislation that accompanies their management dictate the development of methods that allow the development of more secure, trustworthy software systems with focus on privacy protection. The contribution of this paper is the definition of a novel requirements engineering method that supports both early and late requirements specification, giving emphasis on security, privacy and trust. The novelty of our work is that it provides the means for software designers and security experts to analyse the system-to-be from multiple aspects, starting from identifying high-level goals to the definition of business process composition, and elicitation of mechanisms to fortify the system from external threats. The method is supported by two CASE tools. To demonstrate the applicability and usefulness of our work, the paper shows its applications to a real-world case study.

Original language: English
Pages (from-to): 1-25
Journal: Software and Systems Modeling
DOI: 10.1007/s10270-019-00744-x
Publication status: Published - 20 Jul 2019

Keywords

  • Security
  • Privacy
  • Trust
  • Sociotechnical systems
  • CASE tools

Cite this

@article{7fd81728a8774a34b1233f350672fa96,
title = "Modelling the Interplay of Security, Privacy and Trust in Sociotechnical Systems: A Computer-Aided Design Approach",
abstract = "Personal data have become a central asset for multiple enterprise applications and online services offered by private companies, public organisations or a combination of both. The sensitivity of such data and the continuously growing legislation that accompanies their management dictate the development of methods that allow the development of more secure, trustworthy software systems with focus on privacy protection. The contribution of this paper is the definition of a novel requirements engineering method that supports both early and late requirements specification, giving emphasis on security, privacy and trust. The novelty of our work is that it provides the means for software designers and security experts to analyse the system-to-be from multiple aspects, starting from identifying high-level goals to the definition of business process composition, and elicitation of mechanisms to fortify the system from external threats. The method is supported by two CASE tools. To demonstrate the applicability and usefulness of our work, the paper shows its applications to a real-world case study.",
keywords = "Security, Privacy, Trust, Sociotechnical systems, CASE tools",
author = "Mattia Salnitri and Konstantinos Angelopoulos and Michalis Pavlidis and Vasiliki Diamantopoulou and Haris Mouratidis and Paolo Giorgini",
year = "2019",
month = "7",
day = "20",
doi = "10.1007/s10270-019-00744-x",
language = "English",
pages = "1--25",
journal = "Software and Systems Modeling",
issn = "1619-1366",

}
