Secure Tropos: A Security-Oriented Extension of the Tropos methodology

Although security plays an important role in the development of multiagent systems, a careful analysis of software development processes shows that the definition of security requirements is, usually, considered after the design of the system. One of the reasons is the fact that agent oriented software engineering methodologies have not integrated security concerns throughout their developing stages. The integration of security concerns during the whole range of the development stages can help towards the development of more secure multiagent systems. In this paper we introduce extensions to the Tropos methodology to enable it to model security concerns throughout the whole development process. A description of the new concepts and modelling activities is given along with a discussion on how these concepts and modelling activities are integrated to the current stages of Tropos. A real life case study from the health and social care sector is used to illustrate the approach.

Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec

Building secure systems is difficult for many reasons. This paper deals with two of the main challenges: (i) the lack of security expertise in development teams, and (ii) the inadequacy of existing methodologies to support developers who are not security experts. The security standard ISO 14508 (Common Criteria) together with secure design techniques such as UMLsec can provide the security expertise, knowledge, and guidelines that are needed. However, security expertise and guidelines are not stated explicitly in the Common Criteria. They are rather phrased in security domain terminology and difficult to understand for developers. This means that some general security and secure design expertise are required to fully take advantage of the Common Criteria and UMLsec. In addition, there is the problem of tracing security requirements and objectives into solution design,which is needed for proof of requirements fulfilment. This paper describes a security requirements engineering methodology called SecReq. SecReq combines three techniques: the Common Criteria, the heuristic requirements editorHeRA, andUMLsec. SecReqmakes systematic use of the security engineering knowledge contained in the Common Criteria and UMLsec, as well as security-related heuristics in the HeRA tool. The integrated SecReq method supports early detection of security-related issues (HeRA), their systematic refinement guided by the Common Criteria, and the ability to trace security requirements into UML design models. A feedback loop helps reusing experiencewithin SecReq and turns the approach into an iterative process for the secure system life-cycle, also in the presence of system evolution.

Towards Empowerment: Narrative Study of Counselling Psychology Trainees and How They Make Sense of Their Personal and Professional Development in the Context of Their Past Experiences

The discipline of counselling psychology continues to grow and change in response to social, economic and political pressures. It has been argued that its quest for a coherent and distinct identity, which emphasises the possibility of the coexistence of multiple approaches, creates an inherently uncertain and dilemmatic training environment that may hinder the development of trainees’ professional identities. In order to gain a deeper understanding of the issue at hand, the aim was to explore how final year trainees and newly qualified counselling psychologists constructed and made sense of their emerging professional identities and what experiences, past and present, they drew upon in the context of their training to shape those identities. Applying narrative inquiry to analyse eight open-ended interviews, eight preliminary themes were originally identified in participants’ narratives, which with further refinements lead to stories of struggle and marginalisation, growth and discovery, and power and resilience. Participants’ stories of struggle and marginalisation emerged in reference to early family dynamics and stressful life experiences, which seemed to also foster a strong identification with the counselling psychology profession, while stories of growth and discovery focused on the importance of having supportive figures, who helped to instill a sense of security and create an atmosphere of openness. It was in this learning environment that participants felt it was possible to develop a more resilient, empowered professional self, which allowed them to shed an earlier sense of struggle and vulnerability. However, where more of an emphasis was placed on power and resilience, there seemed to be less room for participants to express other feelings that came into conflict with their preferred sense of professional self. While there seems to be a need for a ‘safer’ climate, in which trainees could voice and acknowledge anxieties, vulnerabilities and limitations, addressing concerns around power and vulnerability that may be contributing to the silencing of particular voices and identities may be equally important if trainees are to develop coherent and distinct counselling psychologist identities.

Enhancing Security Requirements Engineering by Organisational Learning

More and more software projects today are security-related in one way or the other. Requirements engineers often fail to recognise indicators for security problems which is a major source of security problems in practice. Identifying security-relevant requirements is labour-intensive and errorprone. In order to facilitate the security requirements elicitation process, we present an approach supporting organisational learning on security requirements by establishing company-wide experience resources, and a socio-technical network to benefit from them. The approach is based on modelling the flow of requirements and related experiences. Based on those models, we enable people to exchange experiences about security-requirements while they write and discuss project requirements. At the same time, the approach enables participating stakeholders to learn while they write requirements. This can increase security awareness and facilitate learning on both individual and organisational levels. As a basis for our approach, we introduce heuristic assistant tools which support reuse of existing security-related experiences. In particular, they include Bayesian classifiers which issue a warning automatically when new requirements seem to be security-relevant. Our results indicate that this is feasible, in particular if the classifier is trained with domain specific data and documents from previous projects. We show how the ability to identify security-relevant requirements can be improved using this approach. We illustrate our approach by providing a step-by-step example of how we improved the security requirements engineering process at the European Telecommunications Standards Institute (ETSI) and report on experiences made in this application.

Preparing for disaster: a comparative analysis of education for critical infrastructure collapse

This article explores policy approaches to educating populations for potential critical infrastructure collapse in five different countries: the UK, the US, Germany, Japan and New Zealand. ‘Critical infrastructure’ is not always easy to define, and indeed is defined slightly differently across countries – it includes entities vital to life, such as utilities (water, energy), transportation systems and communications, and may also include social and cultural infrastructure. The article is a mapping exercise of different approaches to critical infrastructure protection and preparedness education by the five countries. The exercise facilitates a comparison of the countries and enables us to identify distinctive characteristics of each country’s approach. We argue that contrary to what most scholars of security have argued, these national approaches diverge greatly, suggesting that they are shaped more by internal politics and culture than by global approaches.

A Framework for Security Transparency in Cloud Computing

Individuals and corporate users are persistently considering cloud adoption due to its significant benefits compared to traditional computing environments. The data and applications in the cloud are stored in an environment that is separated, managed and maintained externally to the organisation. Therefore, it is essential for cloud providers to demonstrate and implement adequate security practices to protect the data and processes put under their stewardship. Security transparency in the cloud is likely to become the core theme that underpins the systematic disclosure of security designs and practices that enhance customer confidence in using cloud service and deployment models. In this paper, we present a framework that enables a detailed analysis of security transparency for cloud based systems. In particular, we consider security transparency from three different levels of abstraction, i.e., conceptual, organisation and technical levels, and identify the relevant concepts within these levels. This allows us to provide an elaboration of the essential concepts at the core of transparency and analyse the means for implementing them from a technical perspective. Finally, an example from a real world migration context is given to provide a solid discussion on the applicability of the proposed framework.