Journal articles

Syntactic and Semantic Extensions to Secure Tropos to Support Security Risk Management

Abstract : The need to consider security from the early stages of the development process of information systems has been argued by academics and industrialists alike, and security risk management has been recognised as one of the most prominent techniques for eliciting security requirements. However, although existing security modelling languages provide some means to model security aspects, they do not contain concrete constructs to address vulnerable system assets, their risks, and risk treatments. Furthermore, security languages do not provide a crosscutting viewpoint relating all three – assets, risks and risk treatments – together. This is problematic since, for a security analyst, it is difficult to detect what the potential security flaws could be, and how they need to be fixed. In this paper, we extend the Secure Tropos language, an agent- and goal-oriented security modelling language, to support modelling of security risks. Based on previous work, where we had observed some inadequacies of this language to model security risks, this paper suggests improvements of Secure Tropos semantics and syntax. On the syntax level we extend the concrete and abstract syntax of the language, so that it covers the security risk management domain. On the semantic level, we illustrate how language constructs need to be improved to address the three different levels of security risk management. The suggested improvements are illustrated with the aid of a running example, called eSAP, from the healthcare domain.
Document type :
Journal articles

Contributor : Patrick Heymans
Submitted on : Monday, January 25, 2021 - 11:56:18 AM
Last modification on : Friday, February 4, 2022 - 3:17:44 AM
Long-term archiving on : Monday, April 26, 2021 - 6:48:03 PM


Files produced by the author(s)


  • HAL Id : hal-00718134, version 1



Raimundas Matulevicius, Haralambos Mouratidis, Mayer Nicolas, Dubois Eric, Patrick Heymans. Syntactic and Semantic Extensions to Secure Tropos to Support Security Risk Management. Journal of Universal Computer Science, Graz University of Technology, Institut für Informationssysteme und Computer Medien, 2012, 18 (6), pp.816-844. ⟨hal-00718134⟩


