Università degli Studi di Trento

Modeling Security Requirements Through Ownership, Permission and Delegation
A comedy in 10 acts plus an epilogue
starring F. Massacci
Also starring P. Giorgini, J. Mylopoulos, N. Zannone
www.troposproject.org

What’s on Stage
• Know thy speaker
• The piece
– Act 1 - The landscape out there
– Act 2 - The father
– Act 3 - An honest day’s work
– Act 4 - The tale of two brothers
– Act 5 - Shadows at dusk
– Act 6 - Enter our hero
– Act 7 - Going into the battlefield
– Act 8 - Dr. Trust and Mr. Mistrust
– Act 9 - The step-sister
– Act 10 - Looking into the future
• Epilogue - Brave new world

Know Thy Speaker
• Fabio Massacci Academic Biography
– 1994 – 1998 PhD at University of Rome I (Automated Reasoning with Applications to Security)
– 1999 – 2001 Assistant Professor in Siena
– 2000 Visiting Researcher at IRIT-CNRS, Toulouse, France
– 2001 – now Associate (now Full) Professor at Univ. of Trento
– Current research interest: security engineering and formal verification of security properties
• The Dark Side
– 1991 Volunteer in Refugee Camps in Croatia
– 1994 – 1996 National Committee of Italian Campaign for Tax Objection to Military Expenses
– 1993 – 1997 European Treasurer of International Non-Governmental Organization (a pastime with 20+ national member branches)
– 2002 Deputy Rector for ICT Procurement (another pastime at 4M€/year)

Act 1 – The Landscape Out There
What a Large Enterprise Project Looks Like

A story…
• Who?
– Leading International Consultancy Company
– Leading European ERP Provider
– Local Software Integrator for e-Government, owned by the Local Government
– Public Administration Human Resources Department
– Public Administration IT Department
• What?
– Human Resource IT System

The plot
• A 2+M€ project for the verticalized ERP system for management of human resources in the public administration, to be done on an integrated ERP platform hosted in outsourcing
• HR management in public administration is complex:
– Your time in employment may be longer than the period you have actually been employed, because you can count military service, or service in another public institution, towards it.
– When you apply to an open call for a (higher-up) post and you win, on the day you change role you formally resign from the old job and are hired into the new job…
• A Virtual Organization was set up to sell the result of the project to other public administrations
• 2 years of modelling and design, and the project goes live
– Local SW Integrator responsible for the actual verticalization of the ERP and for corrective maintenance and evolution
– Old HR systems turned off by the Administration IT department; the new system is run in outsourcing by the local integrator.

Software Engineering our story
• Very Interesting Case Study
• Complex Organizational Scenario
– Complex relations between partners
– Internal structures and departments
• Complex Processes
• Dependencies of Actors
– Outsourcing of data processing
• Security & Privacy
– Authorization issues on promotion and demotion
– Lots of privacy sensitive data

Act 2 – The Father
What You Always Wanted to Know About AOSE and Didn’t Care to Ask...

What is Software?
• Traditional view
– An engineering artifact, designed, tested and deployed using engineering methods; relies heavily on testing and inspection for validation (Engineering perspective)
– A mathematical abstraction, a theory, which can be analyzed for consistency and can be refined into a more specialized theory (Mathematical perspective)
• More Recent Views
– A non-human agent, with its own personality and behavior, defined by its past history and structural makeup (Cognitive Science perspective)
– A social structure of software agents, who communicate, negotiate, collaborate and cooperate to fulfil their goals (Social perspective)

Agent-Oriented Software Engineering
• Research on the topic generally comes in two flavours:
– Extend UML to support agent communication, negotiation etc. (e.g., Bauer and Odell);
– Extend current agent programming platforms (e.g., JACK) to support not just programming but also design activities (Jennings et al).
• Here we use a methodology for building agent-oriented software which supports requirements analysis, as well as design.

What is an Agent?
• A person, an organization, certain kinds of software.
• An agent has beliefs, goals (desires), intentions.
• Agents are situated, autonomous, flexible, and social.
• But note: human/organizational agents can’t be prescribed, they can only be partially described.
• Software agents, on the other hand, have to be completely specified during implementation.
• Beliefs correspond to (object) state, intentions constitute a run-time concept. For design-time, the interesting new concept agents have that objects don’t have is... ...goals!

i* - Tropos Methodology
• Agent-Oriented RE Methodology
– Agents, Roles
– Goals, Tasks, Resources
– Dependency among agents (A depends on B on G, if A wants G to be done and B agrees to look after that)
– Goal Decomposition (AND/OR, pos./neg. contribution)
• Adequate for the case at hand
– Easy to Understand by Users for Early RE
– Good for Modelling Organizations
– Formal Reasoning Tools Available
– www.troposproject.org
• But there might be your own favourite…

i* - Tropos Methodology (cont)
• Four phases of software development:
– Early requirements -- identifies stakeholders and their goals. The organizational environment of a software system can be conceptualized as a set of business processes, actors and/or goals.
– Late requirements -- introduce the system as another actor which can accommodate some of these goals.
– Architectural design -- more system actors are added and are assigned responsibilities.
– Detailed design -- completes the specification of system actors.

Tropos vs The World
[Figure: coverage of development phases (Early requirements, Late requirements, Architectural design, Detailed design, Implementation) by i*, TROPOS, GAIA, KAOS, Z, AUML, UML, Catalysis & Co. and JACK; one region of the chart is annotated "Nothing here!!"]

Why Worry About Human/Organizational Agents?
• Because their goals lead to software requirements, and these influence the design of a software system.
• Note the role of human/organizational agents in OOA, --> use cases.
• Also note the role of agents in up-and-coming requirements engineering techniques such as KAOS [Dardenne93].
• In KAOS, requirements analysis begins with a set of goals; these are analysed/decomposed to simpler goals which eventually either lead to software requirements, or are delegated to external agents.

Act 3 – An Honest Day’s Work
How the i*/Tropos Methodology for Requirements and Software Engineering works

Early Requirements: External Actors and their Goals
A social setting consists of actors, each having goals (and/or softgoals) to be fulfilled.
[Figure: actors Manager and Participant with the goals and softgoals "Schedule meeting", "Low cost scheduling", "Good meeting" and "Productive meetings"]

Goal Analysis
[Figure: decomposition of the goal "Schedule meeting" into "Collect timetables" (by person, by system, by email, by all means, have updated timetables, collect them) and "Choose schedule" (manually, automatically), with positive (+) and negative (-) contributions to the softgoals "Quality of schedule", "Minimal effort", "Degree of participation", "Minimal conflicts", "Matching effort" and "Collection effort"]

Actor Dependency Models
[Figure: actors Initiator, Scheduler and Participant linked by ContributeToMtg, UsefulMtg, ScheduleMtg, CalendarInfo, AttendMtg and SuitableTime]
Actor dependencies are intentional: One actor wants something, another is willing and potentially able to deliver.
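
The dependency relation on this slide can be analysed mechanically. The following is an added example, not part of the original slides: it encodes the diagram's actors and dependums as triples (the edge directions are an assumed reading of the diagram) and computes whom each actor transitively relies on, which pairs depend on each other, and which dependums are exposed when one actor stops delivering.

```python
from collections import defaultdict, deque

# Constructed reading of the diagram: (depender, dependee, dependum).
# Actor and dependum names are the slide's; the edge directions are assumed.
DEPENDENCIES = [
    ("Initiator", "Scheduler", "ScheduleMtg"),
    ("Initiator", "Participant", "AttendMtg"),
    ("Scheduler", "Participant", "CalendarInfo"),
    ("Participant", "Scheduler", "SuitableTime"),
]


def reliance_chains(deps, actor):
    """Map every actor that `actor` relies on, directly or transitively,
    to the shortest chain of dependums linking them."""
    graph = defaultdict(list)
    for depender, dependee, dependum in deps:
        graph[depender].append((dependee, dependum))
    chains = {}
    queue = deque([(actor, [])])
    while queue:
        current, path = queue.popleft()
        for dependee, dependum in graph.get(current, []):
            if dependee == actor or dependee in chains:
                continue  # skip cycles back to the start and repeats
            chains[dependee] = path + [dependum]
            queue.append((dependee, chains[dependee]))
    return chains


def mutual_dependencies(deps):
    """Return sorted actor pairs that depend on each other directly."""
    edges = {(a, b) for a, b, _ in deps}
    return sorted({tuple(sorted(e)) for e in edges if (e[1], e[0]) in edges})


def dependums_at_risk(deps, failed_actor):
    """Dependums that cannot be delivered if `failed_actor` stops delivering,
    because the dependee is that actor or itself relies on it."""
    at_risk = set()
    for _, dependee, dependum in deps:
        if dependee == failed_actor or failed_actor in reliance_chains(deps, dependee):
            at_risk.add(dependum)
    return sorted(at_risk)
```
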

Using These Concepts
• During early requirements, these concepts are used to model external stakeholders (people, organizations, existing systems), their relevant goals and inter-dependencies.
• During late requirements, the system-to-be enters the picture as one or a few actors participating in i* models.
• During architectural design, the actors being modelled are all system actors.
• During detailed design, we are not adding more actors and/or dependencies; instead, we focus on fully specifying all elements of the models we have developed.

Late Requirements with i*
[Figure: the actor dependency model extended with the System, whose actors Scheduler, Timetable manager and Reporter are linked to Initiator and Participant by ContributeToMtg, UsefulMtg, ScheduleMtg, CalendarInfo, Manage CalendarInfo, AttendMtg, MtgInfo and SuitableTime]