{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T13:40:13Z","timestamp":1762004413957},"reference-count":23,"publisher":"IGI Global","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012,4]]},"abstract":"<jats:p>Security modelling and analysing not only require solving technical problems but also reasoning on the organization as a whole for the development of a secure system. Assumptions exist about trust relationships among actors within the system environment, which play an important role in modelling and analysing security. Such assumptions are critical and must be analysed systematically for ensuring the overall system security. In this paper, the authors introduce trust-based concepts to identify these trust assumptions, and integrate the trust concepts with security concepts for the development of secure software systems. For this purpose, Secure Tropos\u2019 security modelling activities are extended with trust modelling activities based on the trust-based concepts. The CASE tool SecTro was extended to include the notation of the trust-based concepts to support the methodology. Finally, a running example from the UK National Health Service (NHS) domain is used to demonstrate how trust can be used for security modelling.<\/jats:p>","DOI":"10.4018\/jsse.2012040102","type":"journal-article","created":{"date-parts":[[2012,5,16]],"date-time":"2012-05-16T13:58:38Z","timestamp":1337176718000},"page":"36-53","source":"Crossref","is-referenced-by-count":7,"title":["Modelling Security Using Trust Based Concepts"],"prefix":"10.4018","volume":"3","author":[{"given":"Michalis","family":"Pavlidis","sequence":"first","affiliation":[{"name":"University of East London, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Haralambos","family":"Mouratidis","sequence":"additional","affiliation":[{"name":"University of East London, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shareeful","family":"Islam","sequence":"additional","affiliation":[{"name":"University of East London, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"2432","reference":[{"key":"jsse.2012040102-0","unstructured":"Bimrah, K. K. (2009). A framework for modelling trust during information systems development (Unpublished doctoral dissertation). University of East London, London, UK."},{"key":"jsse.2012040102-1","doi-asserted-by":"publisher","DOI":"10.1023\/B:AGNT.0000018806.20944.ef"},{"key":"jsse.2012040102-2","unstructured":"British Telecom. (2003). NHS National Program for IT. Retrieved September 5, 2011, from http:\/\/www.btplc.com\/Health\/NHSIT\/NPfIT\/index.htm"},{"key":"jsse.2012040102-3","doi-asserted-by":"crossref","unstructured":"Chung, L. (1993). Dealing with security requirements during the development of information systems. In Proceedings of the Conference on Advanced Information Systems Engineering, Paris, France (pp. 234-251).","DOI":"10.1007\/3-540-56777-1_13"},{"key":"jsse.2012040102-4","doi-asserted-by":"crossref","DOI":"10.1002\/9780470517857","author":"P.Cofta","year":"2007","journal-title":"Trust, complexity and control: Confidence in a convergent world"},{"key":"jsse.2012040102-5","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-61520-837-1.ch010"},{"key":"jsse.2012040102-6","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-006-0005-7"},{"key":"jsse.2012040102-7","doi-asserted-by":"publisher","DOI":"10.1007\/s00766-009-0093-9"},{"issue":"3","key":"jsse.2012040102-8","first-page":"369","article-title":"A framework to support alignment of secure software engineering with legal regulations. Journal of Software and Systems Modeling","volume":"10","author":"S.Islam","year":"2011","journal-title":"Theme Section on Non-Functional System Properties in Domain-Specific Modeling Languages"},{"key":"jsse.2012040102-9","doi-asserted-by":"crossref","unstructured":"Islam, S., Mouratidis, H., & Wagner, S. (2010). Towards a framework to elicit and manage security and privacy requirements from laws and regulations. In Proceedings of the 16th International Working Conference on Requirements Engineering: Foundation for Software Quality, Essen, Germany (pp. 255-261).","DOI":"10.1007\/978-3-642-14192-8_23"},{"key":"jsse.2012040102-10","author":"J.J\u00fcrjens","year":"2005","journal-title":"Secure systems development with UML"},{"key":"jsse.2012040102-11","doi-asserted-by":"publisher","DOI":"10.1177\/0268580905055478"},{"key":"jsse.2012040102-12","doi-asserted-by":"publisher","DOI":"10.1142\/S0218194007003240"},{"key":"jsse.2012040102-13","doi-asserted-by":"crossref","unstructured":"Mouratidis, H., Giorgini, P., & Manson, G. A. (2003). Integrating security and systems engineering: towards the modelling of secure information systems. In Proceedings of the 15th International Conference on Advanced Information Systems Engineering (pp. 63-78).","DOI":"10.1007\/3-540-45017-3_7"},{"key":"jsse.2012040102-14","doi-asserted-by":"crossref","unstructured":"Mouratidis, H., J\u00fcrjens, J., & Fox, J. (2006). Towards a comprehensive framework for secure systems development. In Proceedings of the Conference on Advanced Information Systems Engineering, Luxembourg (pp. 48-62).","DOI":"10.1007\/11767138_5"},{"key":"jsse.2012040102-15","unstructured":"Pavlidis, M., & Islam, S. (2011). SecTro: A CASE tool for modelling security in requirements engineering using secure tropos. In Proceedings of the Conference on Advanced Information Systems Engineering Forum, London, UK (pp. 89-96)."},{"key":"jsse.2012040102-16","article-title":"A CASE tool to support automated modelling and analysis of security requirements, based on secure tropos. In","author":"M.Pavlidis","journal-title":"Proceedings of the CAISE Forum."},{"key":"jsse.2012040102-17","unstructured":"Pourshahid, A., & Tran, T. (2007). Modelling trust in e-commerce: An approach based on user requirement. In Proceedings of the 9th International Conference on Electronic Commerce (pp. 413-422)."},{"key":"jsse.2012040102-18","doi-asserted-by":"crossref","unstructured":"Rasmusson, L., & Janssen, S. (1996) Simulated social control for secure Internet commerce. In Proceedings of the New Security Paradigms Workshop (pp. 18-26).","DOI":"10.1145\/304851.304857"},{"key":"jsse.2012040102-19","author":"K.Schneider","year":"2011","journal-title":"Enhancing security requirements engineering by organisational learning"},{"key":"jsse.2012040102-20","doi-asserted-by":"publisher","DOI":"10.1007\/s00766-004-0194-4"},{"key":"jsse.2012040102-21","author":"W.Stallings","year":"1999","journal-title":"Cryptography and network security: Principles and practice"},{"key":"jsse.2012040102-22","doi-asserted-by":"crossref","unstructured":"Yu, E., & Liu, L. (2001). Modelling trust for system design using the i* strategic actors framework. In Proceedings of the International Workshop on Deception Fraud and Trust in Agent Societies (pp. 175-194).","DOI":"10.1007\/3-540-45547-7_11"}],"container-title":["International Journal of Secure Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=66407","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2018,11,13]],"date-time":"2018-11-13T19:15:57Z","timestamp":1542136557000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/jsse.2012040102"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2012,4]]},"references-count":23,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.4018\/jsse.2012040102","relation":{},"ISSN":["1947-3036","1947-3044"],"issn-type":[{"value":"1947-3036","type":"print"},{"value":"1947-3044","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012,4]]}}}