DISI Security Research Group Wiki

In eRISE 2011 were involved the following participants:

• Customers
  • Yudistira Asnar (University of Trento)
  • Federica Paci (University of Trento)
• Method Designers:
  • Atle Refsdal - SINTEF (CORAS)
  • Thein Than Tun - Open University (Security Argumentation)
  • Michalis Pavlidis, Shareeful Islam - University of East London (Secure Tropos)
  • Fabio Massacci - University of Trento (Si*)
• Participants:
  • 13 students were enrolled in the Master in Computer Science at the University of Trento;
  • 36 professionals were attending a Master Course in Management of Information System Enterprise at Dauphine University. This master has an admission requirement of a minimum of five years of working experience in the field of Auditing in Information Systems

The selection of the security requirements methods to be evaluated was driven by three main factors: the number of citations, the fact that research on the method is still ongoing, and availability of the methods designers.

Four methods have been evaluated and compared during eRISE 2011:

• CORAS is a model-driven method for risk analysis proposed by SINTEF, Norway. Materials: book chapter, tutorial.
• SECURITY ARGUMENTATION is a framework for security requirements elicitation and analysis developed at Open University, Buckinghamshire, United Kingdom. Materials: paper, tutorial.
• SECURE TROPOS is a methodology designed at University of East London, United Kingdom; the methodology supports capturing, analysis and reasoning of security requirements from the early stages of the development process. Materials: paper, tutorial.
• SI* is a formal framework developed at the University of Trento, Italy for modeling and analyzing security requirements of an organization. Materials: paper, tutorial.

In eRISE 2011 Healthcare Collaboration Network (HCN) scenario and its extension for monitoring Adverse Drug Event(HCN-ADE) were proposed to the participant for analysis.

Regional HealthCare Authority needs to monitor and alert citizens on occurrence of endemic or pandemic diseases within the region of CityVille. Healthcare Authority decides to create Healthcare Collaboration network involving data source organizations (like hospitals, physicians) and data review organizations (like government agencies, health insurers). Participants perform the role of consultants in analyzing the main threats; ensuring the information security and privacy protection of Healthcare collaboration network.

The materials about this scenario are available online: scenario description and presentation.

Healthcare Collaboration Network (HCN) needs to monitor Adverse Drug Event at the CityVille.

The materials about this scenario are available online: scenario description and presentation.