- The development of an ontology for security in organizations: a well-founded language for modelling organizations and security considerations from very early phases of requirement analysis. This ontology will be an axiomatic theory that relies on classical approaches based on the BDI (Belief, Desire, Intention) paradigm and on logics of action, extended with social notions such as ownership, delegation and trust.
- The development of a methodology for security modelling and analysis: based on the results of ontological analysis and on existing methodologies for requirements engineering such as TROPOS, this metodology aims at producing a set of guidelines to be used in the everyday practice of requirements engineering.
- The study of formal reasoning techniques and algorithms allowing the analysis of organization and system models (expressed in terms of the ontology for security in organizations) with respect to security.
- The definition of a specific case study related to the security problems that will serve to elicit real-world information for the ontological analysis, and validate both the ontology and the methodology.
|
