• Se Celebrará en aula 4.0.2, el 27/04/2016, 13:45

  • Software systems today are part of larger socio-technical systems,
    wherein they interact—by exchanging data and delegating tasks—with other
    technical components, humans, and organizations. The components (actors)
    of a socio-technical system are autonomous and uncontrollable.
    Therefore, when interacting, they may endanger security by disclosing
    confidential information, wrecking the integrity of others’ data,
    relying on untrusted third parties, etc. The design of a secure software
    system cannot disregard its collocation within a socio-technical
    context, where security is threatened not only by technical attacks, but
    also by social and organizational ones.
    In this talk, I will present a tool-supported model-driven method, STS,
    for conducting security requirements engineering for socio-technical
    systems. In STS, security requirements are specified—using the STS-ml
    requirements modeling language—as social contracts that constrain the
    interactions among the actors in the socio-technical system. The
    requirements models of STS-ml have a formal semantics which enables
    automated reasoning for detecting possible conflicts among security
    requirements as well as conflicts between security requirements and
    actors’ business policies. The current version of STS is the result of
    continuous evaluation over the past four years. These evaluations
    include empirical studies as well as scalability experiments to assess
    the performance of the algorithms for conflict identification.
    Along the presentation of STS, I will introduce the main research lines
    and ongoing works at the Software Engineering and Formal Methods group
    at the University of Trento, with a particular focus on those highly
    correlated to STS.

    About the Speaker (Short bio):
    Elda Paja is a Postdoctoral Research Fellow in the Department of
    Engineering and Computer Science at the University of Trento, Italy.
    Previously she obtained a Ph.D. from the same university. Her main
    research interests lie in security requirements engineering, conceptual
    modelling, trust, and privacy engineering. Her current research is
    concerned with the development of languages and methods for security
    requirements engineering for evolving and adaptive socio-technical
    systems. She has published one refereed book and 30 papers in
    international journals, conferences, and workshops. She has participated
    in several national and international research projects (Aniketos,
    NESSOS) and currently contributes to the Lucretius, Vision, and PACAS
    projects. She serves as reviewer for several international journals
    (TSE, IJIS, TMIS, SQJ, etc.), and on the program committee of
    international conferences such as REFSQ and RE:Next!, and international
    workshops such as iStar and RELaw.