From consumer requirements to policies in secure services

Erkuden Rios, Francesco Malmignati, Eider Iturbe, Michela D’Errico, Mattia Salnitri

Research output: Contribution to journalArticlepeer-review

Abstract

Automatic translation of elicited consumer security requirements at high level (problem space) into application or service level security requirements (solution space) has been traditionally the Achilles’ heel of security requirements engineering. Such automated translation would result in significant failure and cost reduction in application development and maintenance, particularly in those complex applications based on compositions and choreographies of services. In this paper we present a framework which makes a step forward to solve this dilemma. The framework supports the engineering of composite service security and trust requirements directly derived from the organisational needs expressed for such service. The followed approach starts with the modelling of organisation actors’ objectives and commitments among these actors, and follows with the transformation of such commitments into security elements in the service business process specification and into a consumer security policy which the service will need to be compliant with.

Original languageEnglish
Pages (from-to)79-94
Number of pages16
JournalLecture Notes in Computer Science
Volume8900
DOIs
Publication statusPublished - 2014

Keywords

  • BPMN
  • Consumer policy
  • Requirements
  • Security
  • Service composition
  • Transformation

Fingerprint

Dive into the research topics of 'From consumer requirements to policies in secure services'. Together they form a unique fingerprint.

Cite this