Keynote Speaker

 

Prof. Paolo Giorgini

University of Trento

 

Socio-Technical Security Requirements

During the last decades the scale and the complexity of software systems have increased dramatically. Software can no longer be designed and developed in isolation; rather, it has to be considered part of more complex systems, where other technical (hardware/software) and social (humans and organizations) components operate. Each component operates autonomously (i.e., without any central control) and the interaction between components defines the system as a network of social relationships. We call such systems Socio-Technical Systems (STSs). Health care systems or air traffic management systems are examples of (complex) STSs. Security in STSs is not only a technical problem, but also an organizational and social problem. Interaction between heterogeneous and autonomous components introduces a number of security needs that impose restrictions on how each single component can behave within the STS. In this talk, I will discuss the problem of modeling and analyzing security requirements in Socio-Technical Systems. I will present the STS modeling language and the CASE tool we have developed within the EU project ANIKETOS. The language overcomes the limitations of current security modeling languages by proposing the concept of commitment to capture and specify security requirements emerging from the interaction between different components of the STSs. Future research directions will conclude the presentation.

 

Paolo Giorgini is associate professor and head of the Software Engineering, Formal Methods and Security group at the Department of Engineering and Computer Science of the University of Trento. He received his Ph.D. degree from the Computer Science Institute of the University of Ancona, Italy (1998), and then joined the University of Trento as assistant professor. He has worked on the development of requirements and design languages, and the application of agent and goal-oriented techniques to (security) software analysis. He is co-founder of Tropos, an agent-oriented software engineering methodology, and co-editor in chief of the International Journal of Agent-Oriented Software Engineering (IJAOSE). His publication list includes more than 180 refereed journal and conference proceedings papers and twelve edited books. He has worked on and coordinated a number of provincial, national and international research projects (e.g., PAT-Stamps, PAT-Mostro, MIUR-Mensa, EU-IP-Serenity, EU-STREP-Compas, EU-IP-Aniketos) and he has contributed to the organization of international conferences as general chair, program chair and program committee member, such as RE, ER, CAiSE, AAMAS, EUMAS, ICSOC, ACM-SAC.

The Second International Workshop on Information Systems Security Engineering - WISSE’12