To be held in room 4.0.2, on 27/04/2016, at 13:45
Software systems today are part of larger socio-technical systems,
wherein they interact—by exchanging data and delegating tasks—with other
technical components, humans, and organizations. The components (actors)
of a socio-technical system are autonomous and uncontrollable.
Therefore, when interacting, they may endanger security by disclosing
confidential information, wrecking the integrity of others’ data,
relying on untrusted third parties, etc. The design of a secure software
system cannot disregard its collocation within a socio-technical
context, where security is threatened not only by technical attacks, but
also by social and organizational ones.
In this talk, I will present a tool-supported model-driven method, STS,
for conducting security requirements engineering for socio-technical
systems. In STS, security requirements are specified—using the STS-ml
requirements modeling language—as social contracts that constrain the
interactions among the actors in the socio-technical system. The
requirements models of STS-ml have a formal semantics which enables
automated reasoning for detecting possible conflicts among security
requirements as well as conflicts between security requirements and
actors’ business policies. The current version of STS is the result of
continuous evaluation over the past four years. These evaluations
include empirical studies as well as scalability experiments to assess
the performance of the algorithms for conflict identification.
Alongside the presentation of STS, I will introduce the main research lines
and ongoing work at the Software Engineering and Formal Methods group
at the University of Trento, with a particular focus on those closely
related to STS.
About the Speaker (Short bio):
Elda Paja is a Postdoctoral Research Fellow in the Department of
Engineering and Computer Science at the University of Trento, Italy.
Previously she obtained a Ph.D. from the same university. Her main
research interests lie in security requirements engineering, conceptual
modelling, trust, and privacy engineering. Her current research is
concerned with the development of languages and methods for security
requirements engineering for evolving and adaptive socio-technical
systems. She has published one refereed book and 30 papers in
international journals, conferences, and workshops. She has participated
in several national and international research projects (Aniketos,
NESSOS) and currently contributes to the Lucretius, Vision, and PACAS
projects. She serves as a reviewer for several international journals
(TSE, IJIS, TMIS, SQJ, etc.), and on the program committee of
international conferences such as REFSQ and RE:Next!, and international
workshops such as iStar and RELaw.