{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2023,10,21]],"date-time":"2023-10-21T18:11:12Z","timestamp":1697911872298},"reference-count":30,"publisher":"IGI Global","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011,7]]},"abstract":"Designing secure and dependable IT systems requires a deep analysis of organizational as well as social aspects of the environment where the system will operate. Domain experts and analysts often face security and dependability (S&D) issues they have already encountered before. These concerns require the design of S&D patterns to facilitate designers when developing IT systems. This article presents the experience in designing S&D organizational patterns, which was gained in the course of an industry lead EU project. The authors use an agent-goal-oriented modeling framework (i.e., the SI* framework) to analyze organizational settings jointly with technical functionalities. This framework can assist domain experts and analysts in designing S&D patterns from their experience, validating them by proof-of-concept implementations, and applying them to increase the security level of the system.<\/jats:p>","DOI":"10.4018\/jsse.2011070101","type":"journal-article","created":{"date-parts":[[2011,10,19]],"date-time":"2011-10-19T12:46:28Z","timestamp":1319028388000},"page":"1-22","source":"Crossref","is-referenced-by-count":5,"title":["Organizational Patterns for Security and Dependability"],"prefix":"10.4018","volume":"2","author":[{"given":"Yudis","family":"Asnar","sequence":"first","affiliation":[{"name":"University of Trento, Italy"}]},{"given":"Fabio","family":"Massacci","sequence":"additional","affiliation":[{"name":"University of Trento, Italy"}]},{"given":"Ayda","family":"Saidane","sequence":"additional","affiliation":[{"name":"University of Trento, Italy"}]},{"given":"Carlo","family":"Riccucci","sequence":"additional","affiliation":[{"name":"Engineering Ingegneria Informatica S.p.A, Italy"}]},{"given":"Massimo","family":"Felici","sequence":"additional","affiliation":[{"name":"Deep Blue, Italy"}]},{"given":"Alessandra","family":"Tedeschi","sequence":"additional","affiliation":[{"name":"Deep Blue, Italy"}]},{"given":"Paul","family":"El-Khoury","sequence":"additional","affiliation":[{"name":"SAP Research, France"}]},{"given":"Keqin","family":"Li","sequence":"additional","affiliation":[{"name":"SAP Research, France"}]},{"given":"Magali","family":"S\u00e9guran","sequence":"additional","affiliation":[{"name":"SAP Research, France"}]},{"given":"Nicola","family":"Zannone","sequence":"additional","affiliation":[{"name":"Eindhoven University of Technology, The Netherlands"}]}],"member":"2432","reference":[{"key":"jsse.2011070101-0","doi-asserted-by":"crossref","unstructured":"Anderson, R. (1993). Why cryptosystems fail. In Proceedings of the 1st ACM Conference on Computer and Communications Security (pp. 215-227).","DOI":"10.1145\/168588.168615"},{"key":"jsse.2011070101-1","author":"R.Anderson","year":"2001","journal-title":"Security engineering: A guide to building dependable distributed systems"},{"key":"jsse.2011070101-2","doi-asserted-by":"crossref","unstructured":"Asnar, Y., Bonato, R., Giorgini, P., Massacci, F., Meduri, V., Riccucci, C., & Saidane, A. (2007). Secure and dependable patterns in organizations: An empirical approach. In Proceedings of the IEEE International Conference on Requirements Engineering (pp. 287-292).","DOI":"10.1109\/RE.2007.19"},{"key":"jsse.2011070101-3","unstructured":"Asnar, Y., Dalpiaz, F., Massacci, F., Nguyen, V. H., & Saidane, A. (2009). Security and dependability engineering for ambient assisted living: A report on the research results by UniTN. Retrieved from http:\/\/www.disi.unitn.it\/~massacci\/Download\/SERENITY-MPEG.mpg"},{"key":"jsse.2011070101-4","doi-asserted-by":"crossref","unstructured":"Asnar, Y., Moretti, R., Sebastianis, M., & Zannone, N. (2008). Risk as dependability metrics for the evaluation of business solutions: A model-driven approach. In Proceedings of the 3rd International Workshop on Dependability Aspects on Data Warehousing and Mining Applications (pp. 1240-1248).","DOI":"10.1109\/ARES.2008.17"},{"key":"jsse.2011070101-5","doi-asserted-by":"crossref","unstructured":"Betous-Almeida, C., & Kanoun, K. (2002). Stepwise construction and refinement of dependability models. In Proceedings of the Conference on Dependable Systems and Networks (pp. 515-524).","DOI":"10.1109\/DSN.2002.1028944"},{"key":"jsse.2011070101-6","doi-asserted-by":"publisher","DOI":"10.1023\/B:AGNT.0000018806.20944.ef"},{"key":"jsse.2011070101-7","doi-asserted-by":"publisher","DOI":"10.1016\/j.entcs.2009.07.036"},{"key":"jsse.2011070101-8","doi-asserted-by":"publisher","DOI":"10.1007\/s10506-008-9067-3"},{"key":"jsse.2011070101-9","doi-asserted-by":"publisher","DOI":"10.1016\/0167-6423(93)90021-G"},{"key":"jsse.2011070101-10","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijar.2007.03.004"},{"key":"jsse.2011070101-11","doi-asserted-by":"crossref","unstructured":"Di Giacomo, V., Felici, M., Meduri, V., Presenza, D., Riccucci, C., & Tedeschi, A. (2008). Using security and dependability patterns for reaction processes. In Proceedings of the 19th International Conference on Database and Expert Systems (pp. 315-319).","DOI":"10.1109\/DEXA.2008.102"},{"key":"jsse.2011070101-12","doi-asserted-by":"crossref","unstructured":"Elahi, G., & Yu, E. (2007). A goal oriented approach for modeling and analyzing security trade-offs. In C. Parent, K.-D. Schewe, V. C. Storey, & B. Thalheim (Eds.), Proceedings of the 26th International Conference on Conceptual Modeling (LNCS 4801, pp. 375-390).","DOI":"10.1007\/978-3-540-75563-0_26"},{"key":"jsse.2011070101-13","doi-asserted-by":"crossref","unstructured":"Fota, N., Kaaniche, M., & Kanoun, K. (1998). Dependability evaluation of an air traffic control computing system. In Proceedings of the 3rd IEEE International Symposium on Computer Performance and Dependability (pp. 206-215).","DOI":"10.1109\/IPDS.1998.707723"},{"key":"jsse.2011070101-14","doi-asserted-by":"crossref","unstructured":"Gabor, H., & Istvin, M. (2000). Quantitative analysis of dependability critical systems based on UML statechart models. In Proceedings of the 5th IEEE International Symposium on High Assurance Systems Engineering (pp. 83-92).","DOI":"10.1109\/HASE.2000.895445"},{"key":"jsse.2011070101-15","author":"E.Gamma","year":"1994","journal-title":"Design patterns: Elements of reusable object-oriented software"},{"key":"jsse.2011070101-16","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-006-0005-7"},{"key":"jsse.2011070101-17","doi-asserted-by":"crossref","unstructured":"Giorgini, P., Massacci, F., & Zannone, N. (2005b). Security and trust requirements engineering. In A. Aldini, R. Gorrieri, & F. Martinelli (Eds.), Proceedings of the Tutorial Lectures on Foundations of Security Analysis and Design III (LNCS 3655, pp. 237-272).","DOI":"10.1007\/11554578_8"},{"key":"jsse.2011070101-18","author":"A. N.Kolmogorov","year":"1956","journal-title":"Foundations of the theory of probability"},{"key":"jsse.2011070101-19","doi-asserted-by":"crossref","unstructured":"Liu, L., Yu, E. S. K., & Mylopoulos, J. (2003). Security and privacy requirements analysis within a social setting. In Proceedings of the IEEE International Conference on Requirements Engineering (pp. 151-161).","DOI":"10.1109\/ICRE.2003.1232746"},{"key":"jsse.2011070101-20","doi-asserted-by":"crossref","unstructured":"Massacci, F., & Zannone, N. (2008). A model-driven approach for the specification and analysis of access control policies. In R. Meersman & Z. Tari (Eds.), Proceedings of the Confederated International Conferences of On the Movie to Meaningful Internet Systems (LNCS 5332, pp. 1087-1103).","DOI":"10.1007\/978-3-540-88873-4_11"},{"key":"jsse.2011070101-21","doi-asserted-by":"crossref","DOI":"10.1007\/b11930","author":"M.Schumacher","year":"2003","journal-title":"Security engineering with patterns: Origins, theoretical models, and new applications"},{"key":"jsse.2011070101-22","unstructured":"Serenity Consortium. (2008a). A7.d4.2 - Scenario S&D solutions. Retrieved from http:\/\/www.serenity-project.org"},{"key":"jsse.2011070101-23","unstructured":"Serenity Consortium. (2008b). A6.D3.2 - Specification of serenity architecture. Retrieved from http:\/\/www.serenity-project.org"},{"key":"jsse.2011070101-24","unstructured":"Serenity Consortium. (2009). The final set of S&D patterns at organizational level. Retrieved from http:\/\/www.serenity-project.org"},{"key":"jsse.2011070101-25","unstructured":"SQUALE Consortium. (1999). SQUALE: Security, safety and quality evaluation for dependable systems. Retrieved from http:\/\/spiderman-2.laas.fr\/TSF\/cabernet\/squale\/"},{"key":"jsse.2011070101-26","unstructured":"Stamatelatos, M., Vesely, W., Dugan, J., Fragola, J., Minarick, J., & Railsback, J. (2002). Fault tree handbook with aerospace applications. Retrieved from http:\/\/www.hq.nasa.gov\/office\/codeq\/doctree\/fthb.pdf"},{"key":"jsse.2011070101-27","unstructured":"Van Lamsweerde, A., Brohez, S., Landtsheer, R. D., & Janssens, D. (2003). From system goals to intruder anti-goals: Attack generation and resolution for security requirements engineering. In Proceedings of the International Conference on High Assurance Systems Engineering."},{"key":"jsse.2011070101-28","unstructured":"Yoder, J., & Barcalow, J. (1997). Architectural patterns for enabling application security. In Proceedings of the Conference on Pattern Languages of Programs."},{"key":"jsse.2011070101-29","doi-asserted-by":"crossref","unstructured":"Zhang, Z., Shen, H., Defago, X., & Sang, Y. (2005). A brief comparative study on analytical models of computer system dependability and security. In Proceedings of the 6th International Conference on Parallel and Distributed Computing Applications and Technologies (pp. 493-497).","DOI":"10.1109\/PDCAT.2005.1"}],"container-title":["International Journal of Secure Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=58505","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,2,8]],"date-time":"2019-02-08T01:39:05Z","timestamp":1549589945000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/jsse.2011070101"}},"subtitle":["From Design to Application"],"short-title":[],"issued":{"date-parts":[[2011,7]]},"references-count":30,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.4018\/jsse.2011070101","relation":{},"ISSN":["1947-3036","1947-3044"],"issn-type":[{"value":"1947-3036","type":"print"},{"value":"1947-3044","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011,7]]}}}