{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,26]],"date-time":"2026-04-26T07:12:07Z","timestamp":1777187527358,"version":"3.51.4"},"publisher-location":"Berlin, Heidelberg","reference-count":56,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642051821","type":"print"},{"value":"9783642051838","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-05183-8_6","type":"book-chapter","created":{"date-parts":[[2009,12,29]],"date-time":"2009-12-29T08:01:20Z","timestamp":1262073680000},"page":"147-174","source":"Crossref","is-referenced-by-count":34,"title":["Security Requirements Engineering: The SI* Modeling Language and the Secure Tropos Methodology"],"prefix":"10.1007","author":[{"given":"Fabio","family":"Massacci","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"John","family":"Mylopoulos","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nicola","family":"Zannone","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"6_CR1","unstructured":"AMICE Consortium: Open System Architecture for CIM. Springer, Heidelberg (1993)"},{"key":"6_CR2","volume-title":"Security Engineering: A Guide to Building Dependable Distributed Systems","author":"R. Anderson","year":"2001","unstructured":"Anderson, R.: Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley, Chichester (2001)"},{"key":"6_CR3","unstructured":"Ashley, P., Hada, S., Karjoth, G., Powers, C., Schunter, M.: Enterprise Privacy Authorization Language (EPAL 1.1). Research Report 3485, IBM Research (2003), http:\/\/www.zurich.ibm.com\/security\/enterprise-privacy\/epal"},{"key":"6_CR4","unstructured":"Asnar, Y., Bonato, R., Bryl, V., Compagna, L., Dolinar, K., Giorgini, P., Holtmanns, S., Klobucar, T., Lanzi, P., Latanicki, J., Massacci, F., Meduri, V., Porekar, J., Riccucci, C., Saidane, A., Seguran, M., Yautsiukhin, A., Zannone, N.: Security and privacy requirements at organizational level. Research report A1.D2.1, SERENITY consortium (2006)"},{"key":"6_CR5","volume-title":"Proc. of RE 2007","author":"Y. Asnar","year":"2007","unstructured":"Asnar, Y., Bonato, R., Giorgini, P., Massacci, F., Meduri, V., Riccucci, C., Saidane, A.: Secure and Dependable Patterns in Organizations: An Empirical Approach. In: Proc. of RE 2007, IEEE Press, Los Alamitos (2007)"},{"key":"6_CR6","first-page":"19","volume-title":"Proc. of ARES 2007","author":"Y. Asnar","year":"2007","unstructured":"Asnar, Y., Giorgini, P., Massacci, F., Zannone, N.: From Trust to Dependability through Risk Analysis. In: Proc. of ARES 2007, pp. 19\u201326. IEEE Press, Los Alamitos (2007)"},{"key":"6_CR7","unstructured":"Association of Certified Fraud Examiners: The 2006 report to the nation (2006)"},{"issue":"1","key":"6_CR8","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1145\/1125808.1125810","volume":"15","author":"D. Basin","year":"2006","unstructured":"Basin, D., Doser, J., Lodderstedt, T.: Model Driven Security: from UML Models to Access Control Infrastructures. TOSEM\u00a015(1), 39\u201391 (2006)","journal-title":"TOSEM"},{"issue":"3","key":"6_CR9","doi-asserted-by":"publisher","first-page":"179","DOI":"10.1016\/S0951-5240(96)00001-8","volume":"9","author":"P. Bernus","year":"1996","unstructured":"Bernus, P., Nemes, L.: A Framework to Define a Generic Enterprise Reference Architecture and Methodology. Computer Integrated Manufacturing Systems\u00a09(3), 179\u2013191 (1996)","journal-title":"Computer Integrated Manufacturing Systems"},{"issue":"3","key":"6_CR10","first-page":"203","volume":"8","author":"P. Bresciani","year":"2004","unstructured":"Bresciani, P., Giorgini, P., Giunchiglia, F., Mylopoulos, J., Perini, A.: TROPOS: An Agent-Oriented Software Development Methodology. JAAMAS\u00a08(3), 203\u2013236 (2004)","journal-title":"JAAMAS"},{"key":"6_CR11","unstructured":"Bryce, M., Associates: PRIDE-EEM Enterprise Engineering Methodology (2006), http:\/\/www.phmainstreet.com\/mba\/pride\/eemeth.htm"},{"key":"6_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/11767138_4","volume-title":"Advanced Information Systems Engineering","author":"V. Bryl","year":"2006","unstructured":"Bryl, V., Massacci, F., Mylopoulos, J., Zannone, N.: Designing Security Requirements Models through Planning. In: Dubois, E., Pohl, K. (eds.) CAiSE 2006. LNCS, vol.\u00a04001, pp. 33\u201347. Springer, Heidelberg (2006)"},{"key":"6_CR13","first-page":"72","volume-title":"Proc. of ICMAS 1998","author":"C. Castelfranchi","year":"1998","unstructured":"Castelfranchi, C., Falcone, R.: Principles of trust for MAS: Cognitive anatomy, social importance and quantification. In: Proc. of ICMAS 1998, pp. 72\u201379. IEEE Press, Los Alamitos (1998)"},{"key":"6_CR14","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4615-5269-7","volume-title":"Non-Functional Requirements in Software Engineering","author":"L.K. Chung","year":"2000","unstructured":"Chung, L.K., Nixon, B.A., Yu, E.S.K., Mylopoulos, J.: Non-Functional Requirements in Software Engineering. Kluwer Publishing, Dordrecht (2000)"},{"key":"6_CR15","first-page":"149","volume-title":"ICAIL 2007","author":"L. Compagna","year":"2007","unstructured":"Compagna, L., El Khoury, P., Massacci, F., Thomas, R., Zannone, N.: How to capture, communicate, model, and verify the knowledge of legal, security, and privacy experts: a pattern-based approach. In: ICAIL 2007, pp. 149\u2013154. ACM Press, New York (2007)"},{"key":"6_CR16","unstructured":"Cranor, L., Langheinrich, M., Marchiori, M., Reagle, J.: The Platform for Privacy Preferences 1.0 (P3P1.0) Specification. W3C Recommendation (2002), http:\/\/www.w3.org\/TR\/P3P\/"},{"key":"6_CR17","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1016\/0167-6423(93)90021-G","volume":"20","author":"A. Dardenne","year":"1993","unstructured":"Dardenne, A., van Lamsweerde, A., Fickas, S.: Goal-directed Requirements Acquisition. Sci. of Comp. Prog.\u00a020, 3\u201350 (1993)","journal-title":"Sci. of Comp. Prog."},{"key":"6_CR18","unstructured":"Dignum, V.: A model for organizational interaction: based on agents, founded in logic. Ph.D. thesis, Universiteit Utrecht (2004)"},{"key":"6_CR19","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1145\/1029133.1029144","volume-title":"Proc. of FMSE 2004","author":"T. Doan","year":"2004","unstructured":"Doan, T., Demurjian, S., Ting, T.C., Ketterl, A.: MAC and UML for secure software design. In: Proc. of FMSE 2004, pp. 75\u201385. ACM Press, New York (2004)"},{"key":"6_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"375","DOI":"10.1007\/978-3-540-75563-0_26","volume-title":"Conceptual Modeling - ER 2007","author":"G. Elahi","year":"2007","unstructured":"Elahi, G., Yu, E.: A goal oriented approach for modeling and analyzing security trade-offs. In: Parent, C., Schewe, K.-D., Storey, V.C., Thalheim, B. (eds.) ER 2007. LNCS, vol.\u00a04801, pp. 375\u2013390. Springer, Heidelberg (2007)"},{"issue":"4","key":"6_CR21","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1007\/s10207-006-0005-7","volume":"5","author":"P. Giorgini","year":"2006","unstructured":"Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Requirements Engineering for Trust Management: Model, Methodology, and Reasoning. Int. J. of Inform. Sec.\u00a05(4), 257\u2013274 (2006)","journal-title":"Int. J. of Inform. Sec."},{"key":"6_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"237","DOI":"10.1007\/11554578_8","volume-title":"Foundations of Security Analysis and Design III","author":"P. Giorgini","year":"2005","unstructured":"Giorgini, P., Massacci, F., Zannone, N.: Security and Trust Requirements Engineering. In: Aldini, A., Gorrieri, R., Martinelli, F. (eds.) FOSAD 2005. LNCS, vol.\u00a03655, pp. 237\u2013272. Springer, Heidelberg (2005)"},{"key":"6_CR23","unstructured":"Guarda, P., Massacci, F., Zannone, N.: E-Government and On-line Services: Security and Legal Patterns. In: Proc. of MeTTeg 2007 (2007)"},{"key":"6_CR24","unstructured":"House of Lords: Prince Jefri Bolkiah vs KPMG. 1 All ER 517 (1999)"},{"key":"6_CR25","series-title":"Lecture Notes in Artificial Intelligence","doi-asserted-by":"publisher","first-page":"118","DOI":"10.1007\/3-540-36127-8_12","volume-title":"Advances in Artificial Intelligence","author":"J.F. H\u00fcbner","year":"2002","unstructured":"H\u00fcbner, J.F., Sichman, J.S., Boissier, O.: A Model for the Structural, Functional, and Deontic Specification of Organizations in Multiagent Systems. In: Bittencourt, G., Ramalho, G.L. (eds.) SBIA 2002. LNCS (LNAI), vol.\u00a02507, pp. 118\u2013128. Springer, Heidelberg (2002)"},{"key":"6_CR26","volume-title":"Secure Systems Development with UML","author":"J. J\u00fcrjens","year":"2004","unstructured":"J\u00fcrjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2004)"},{"key":"6_CR27","doi-asserted-by":"crossref","unstructured":"Kiyavitskaya, N., Zannone, N.: Requirements Model Generation to Support Requirements Elicitation: The Secure Tropos Experience. In: ASE (2008)","DOI":"10.1007\/s10515-008-0028-6"},{"issue":"3","key":"6_CR28","doi-asserted-by":"publisher","first-page":"499","DOI":"10.1145\/1149114.1149117","volume":"7","author":"N. Leone","year":"2006","unstructured":"Leone, N., Pfeifer, G., Faber, W., Eiter, T., Gottlob, G., Perri, S., Scarcello, F.: The DLV System for Knowledge Representation and Reasoning. TOCL\u00a07(3), 499\u2013562 (2006)","journal-title":"TOCL"},{"issue":"1","key":"6_CR29","doi-asserted-by":"publisher","first-page":"128","DOI":"10.1145\/605434.605438","volume":"6","author":"N. Li","year":"2003","unstructured":"Li, N., Grosof, B.N., Feigenbaum, J.: Delegation logic: A logic-based approach to distributed authorization. TISSEC\u00a06(1), 128\u2013171 (2003)","journal-title":"TISSEC"},{"key":"6_CR30","unstructured":"Liu, L., Yu, E., Mylopoulos, J.: Analyzing Security Requirements as Relationships Among Strategic Actors. In: Proc. of SREIS 2002 (2002)"},{"key":"6_CR31","first-page":"151","volume-title":"Proc. of RE 2003","author":"L. Liu","year":"2003","unstructured":"Liu, L., Yu, E.S.K., Mylopoulos, J.: Security and Privacy Requirements Analysis within a Social Setting. In: Proc. of RE 2003, pp. 151\u2013161. IEEE Press, Los Alamitos (2003)"},{"issue":"3","key":"6_CR32","first-page":"341","volume":"14","author":"F. Massacci","year":"2007","unstructured":"Massacci, F., Mylopoulos, J., Zannone, N.: Computer-Aided Support for Secure Tropos. ASE\u00a014(3), 341\u2013364 (2007)","journal-title":"ASE"},{"key":"6_CR33","doi-asserted-by":"crossref","unstructured":"Massacci, F., Mylopoulos, J., Zannone, N.: An Ontology for Secure Socio-Technical Systems. In: Handbook of Ontologies for Business Interaction, ch.\u00a0XI. The IDEA Group (2008)","DOI":"10.4018\/978-1-59904-660-0.ch011"},{"issue":"5","key":"6_CR34","first-page":"445","volume":"27","author":"F. Massacci","year":"2005","unstructured":"Massacci, F., Prest, M., Zannone, N.: Using a Security Requirements Engineering Methodology in Practice: The compliance with the Italian Data Protection Legislation. CSI\u00a027(5), 445\u2013455 (2005)","journal-title":"CSI"},{"key":"6_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1087","DOI":"10.1007\/978-3-540-88873-4_11","volume-title":"On the Move to Meaningful Internet Systems: OTM 2008","author":"F. Massacci","year":"2008","unstructured":"Massacci, F., Zannone, N.: A Model-Driven Approach for the Specification and Analysis of Access Control Policies. In: Meersman, R., Tari, Z. (eds.) OTM 2008, Part II. LNCS, vol.\u00a05332, pp. 1087\u20131103. Springer, Heidelberg (2008)"},{"key":"6_CR36","volume-title":"Social Modeling for Requirements Engineering","author":"F. Massacci","year":"2008","unstructured":"Massacci, F., Zannone, N.: Detecting Conflicts between Functional and Security Requirements with Secure Tropos: John Rusnak and the Allied Irish Bank. In: Social Modeling for Requirements Engineering. MIT Press, Cambridge (2008) (to appear)"},{"issue":"3","key":"6_CR37","doi-asserted-by":"publisher","first-page":"709","DOI":"10.2307\/258792","volume":"20","author":"R.C. Mayer","year":"1995","unstructured":"Mayer, R.C., Davis, J.H., Schoorman, F.D.: An integrative model of organizational trust. Acad. Management Rev.\u00a020(3), 709\u2013734 (1995)","journal-title":"Acad. Management Rev."},{"key":"6_CR38","first-page":"55","volume-title":"Proc. of ACSAC 1999","author":"J. McDermott","year":"1999","unstructured":"McDermott, J., Fox, C.: Using Abuse Case Models for Security Requirements Analysis. In: Proc. of ACSAC 1999, pp. 55\u201366. IEEE Press, Los Alamitos (1999)"},{"key":"6_CR39","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1145\/286884.286900","volume-title":"Proc. of RBAC 1998","author":"J.D. Moffett","year":"1998","unstructured":"Moffett, J.D.: Control principles and role hierarchies. In: Proc. of RBAC 1998, pp. 63\u201369. ACM Press, New York (1998)"},{"key":"6_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/3-540-45017-3_7","volume-title":"Advanced Information Systems Engineering","author":"H. Mouratidis","year":"2003","unstructured":"Mouratidis, H., Giorgini, P., Manson, G.: Integrating security and systems engineering: Towards the modelling of secure information systems. In: Eder, J., Missikoff, M. (eds.) CAiSE 2003. LNCS, vol.\u00a02681, pp. 63\u201378. Springer, Heidelberg (2003)"},{"key":"6_CR41","unstructured":"OASIS: eXtensible Access Control Markup Language (XACML) Version 2.0. OASIS Standard (2005)"},{"key":"6_CR42","unstructured":"Promontory Financial Group, Wachtell, Lipton, Rosen, Katz: Report to the Board and Directors of Allied Irish Bank P.L.C., Allfirst Financial Inc., and Allfirst Bank Concerning Currency Trading Losses (2003)"},{"key":"6_CR43","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1145\/990036.990054","volume-title":"Proc. of SACMAT 2004","author":"I. Ray","year":"2004","unstructured":"Ray, I., Li, N., France, R., Kim, D.K.: Using UML to visualize role-based access control constraints. In: Proc. of SACMAT 2004, pp. 115\u2013124. ACM Press, New York (2004)"},{"key":"6_CR44","unstructured":"Robertson, S., Robertson, J.: Mastering the requirements process. ACM Press\/Addison-Wesley Publishing Co. (1999)"},{"issue":"2","key":"6_CR45","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1109\/2.485845","volume":"29","author":"R.S. Sandhu","year":"1996","unstructured":"Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-Based Access Control Models. IEEE Comp.\u00a029(2), 38\u201347 (1996)","journal-title":"IEEE Comp."},{"key":"6_CR46","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1145\/1133058.1133079","volume-title":"Proc. of SACMAT 2006","author":"A. Schaad","year":"2006","unstructured":"Schaad, A., Lotz, V., Sohr, K.: A model-checking approach to analysing organisational controls in a loan origination process. In: Proc. of SACMAT 2006, pp. 139\u2013149. ACM Press, New York (2006)"},{"key":"6_CR47","doi-asserted-by":"publisher","first-page":"1380","DOI":"10.1145\/967900.968177","volume-title":"Proc. of SAC 2004","author":"A. Schaad","year":"2004","unstructured":"Schaad, A., Moffett, J.: Separation, review and supervision controls in the context of a credit application process: a case study of organisational control principles. In: Proc. of SAC 2004, pp. 1380\u20131384. ACM Press, New York (2004)"},{"key":"6_CR48","volume-title":"Security Patterns - Integrating Security and Systems Engineering","author":"M. Schumacher","year":"2005","unstructured":"Schumacher, M., Fernandez, E.B., Hybertson, D., Buschmann, F., Sommerlad, P.: Security Patterns - Integrating Security and Systems Engineering. John Wiley & Sons, Chichester (2005)"},{"issue":"1","key":"6_CR49","first-page":"34","volume":"10","author":"G. Sindre","year":"2005","unstructured":"Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. REJ\u00a010(1), 34\u201344 (2005)","journal-title":"REJ"},{"key":"6_CR50","unstructured":"Stader, J.: Results of the Enterprise Project. In: Proc. of BSC SGES 1996 (1996)"},{"key":"6_CR51","first-page":"148","volume-title":"Proc. of ICSE 2004","author":"A. van Lamsweerde","year":"2004","unstructured":"van Lamsweerde, A.: Elaborating security requirements by construction of intentional anti-models. In: Proc. of ICSE 2004, pp. 148\u2013157. IEEE Press, Los Alamitos (2004)"},{"issue":"10","key":"6_CR52","first-page":"978","volume":"26","author":"A. van Lamsweerde","year":"2000","unstructured":"van Lamsweerde, A., Letier, E.: Handling Obstacles in Goal-Oriented Requirements Engineering. TSE\u00a026(10), 978\u20131005 (2000)","journal-title":"TSE"},{"key":"6_CR53","unstructured":"Yu, E., Cysneiros, L.: Designing for Privacy and Other Competing Requirements. In: Proc. of SREIS 2002 (2002)"},{"key":"6_CR54","unstructured":"Yu, E.S.K.: Modelling strategic relationships for process reengineering. Ph.D. thesis, University of Toronto (1995)"},{"key":"6_CR55","unstructured":"Zannone, N.: A Requirements Engineering Methodology for Trust, Security, and Privacy. Ph.D. thesis, University of Trento (2007)"},{"issue":"4","key":"6_CR56","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1145\/267580.267581","volume":"29","author":"P. Zave","year":"1997","unstructured":"Zave, P.: Classification of research efforts in requirements engineering. CSUR\u00a029(4), 315\u2013321 (1997)","journal-title":"CSUR"}],"container-title":["Studies in Computational Intelligence","Advances in Intelligent Information Systems"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-05183-8_6.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,24]],"date-time":"2020-11-24T02:49:09Z","timestamp":1606186149000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-05183-8_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642051821","9783642051838"],"references-count":56,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-05183-8_6","relation":{},"ISSN":["1860-949X","1860-9503"],"issn-type":[{"value":"1860-949X","type":"print"},{"value":"1860-9503","type":"electronic"}],"subject":[],"published":{"date-parts":[[2010]]}}}