Our Book is now available on The MIT Press!
Security Requirements Engineering
Designing Secure Socio-Technical Systems
The book presents the STS method for designing secure software systems. The method focuses on the early stages of software design: requirements engineering. STS is model-driven: the central activity that the designers conduct is the construction of models that represent the security requirements of the system under design. These models are created using the Socio-Technical Security modeling language (STS-ml), which is thoroughly described in the book. In addition to presenting the STS-ml language and the STS method, the book describes the modeling and analysis software tool called STS-Tool that supports the presented approach through a graphical modeling environment, automated reasoning capabilities to verify the created models, and the automatic derivation of security requirements documents. The key message the authors convey through the book is that designing secure software systems has to adopt a socio-technical systems perspective, as opposed to considering just the technical aspects of the system. The book also features a background chapter concerning the computer and information security landscape, an application of the method to two case studies, and a detailed comparison to complementary and alternative approaches to security requirements engineering.
Mar 2016 - Mar 2018. I co-coordinated the project "PACAS: Participatory Architectural Change Management in ATM Systems", together with Prof. Paolo Giorgini. As far as the technical involvement is concerned, together with other colleagues of the Department of Information Engineering and Computer Science, University of Trento, we created the multi-level multi-view approach to support the active participation of experts, the creation of modeling constructs over four perspectives (aka views, such as security, safety, organizational, and economic) and mappings that are at the basis of reasoning techniques to support impact propagation and alignment for change management in ATM (Air Traffic Management). We have created a gamified platform to support the PACAS framework.
2014-2016. I was part of the project "Lucretius: Foundations for Software Evolution", working with Prof. John Mylopoulos and colleagues at the Department of Information Engineering and Computer Science (DISI), University of Trento. My research was concerned with security requirements engineering and modeling, with a particular interest in preserving compliance with security requirements in the face of evolution. Another interesting research trend during this period was the investigation of business intelligence to support strategic decision-making.
I obtained my PhD in May 2014 from the University of Trento - Information Engineering and Computer Science Department (DISI), under the supervision of Prof. Paolo Giorgini. My PhD work concerns the engineering of Secure and Trustworthy Socio-Technical Systems starting as early as in the Requirements Engineering phase. During my PhD, I visited the Institute of Software Research at CMU, working with Travis D. Breaux. I received my master's degree from RWTH Aachen University in Media Informatics and from University of Trento in Data, Media and Knowledge, as part of the EuMI Master Programme. I received my BSc in Computer Science from University of Tirana, Albania. I have participated in the IFP7 EU-sponsored research project, Aniketos: "Ensuring Trustworthiness and Security in Service Composition".
For more information on my work, see my CV.
My research interests include the design of Socio-Technical Systems, with a particular focus on security requirements engineering. I am also interested in Privacy Engineering, dealing with Evolution, and Trust issues in designing such complex systems. My work explores the use (and/or creation) of conceptual modeling techniques in doing this, specifically (requirements) modeling languages.
For more details, check out the Publications section.
- Topics of Interest
- Conceptual Modeling
- Security Requirements Engineering
- Socio-Technical Systems
- Trust-based Specification
- Requirements Modelling
- Security Requirements
- Security Modelling
- Privacy Modelling
- Business Intelligence
- Conceptual Modeling for Decision Making
- Goal Models
- Social Commitments
- Automated Reasoning
- Methodologies & tools
- Formative Evaluation
- User-centered development
- Business Process Modelling
- Socio-Technical Trust
- Socio-Technical Systems