Secure Tropos

The common approach towards the inclusion of security within a software system is to identify security requirements after the definition of a system. This typically means that security enforcement mechanisms have to be fitted into a pre-existing design, leading to serious design challenges that usually translate into the emergence of computer systems afflicted with security vulnerabilities.

Moreover, security is traditionally approached as a technical issue that requires a technical solution. This treatment of security has led to the development of a number of security mechanisms and protocols that on one hand are successfully used in modern software systems but, on the other hand, have failed to ensure an acceptable degree of security.

Security of software systems has been transformed from a mono-dimensional technical issue to a two-dimensional issue that includes a technical dimension (related to challenges and problems associated to the available technology and the infrastructure of software systems) and a social dimension (which includes issues and problems related to the correct elicitation and analysis of security requirements and the involvement of humans in securing software systems). To effectively consider both dimensions, the research literature argues that it is essential for security to be considered from the early stages and throughout the software development lifecycle and a sound software engineering methodology needs to be developed that supports the simultaneous analysis of both dimensions of security.

Secure Tropos is a security-aware software systems development methodology, which combines requirements engineering concepts, such as actor, goal, plan together with security engineering concepts such as threat, security constraint and security mechanism, under a unified process to support the analysis and development of secure and trustworthy software systems.

Project aims

The project aimed to develop a software engineering methodology that incorporates security concerns in a structured and coherent way at all the stages of software systems design and development.

Project findings and impact

The original version of the methodology (2003-2013) was based on an adapted version of the i* language and the Tropos methodology development stages. Version 2 of the methodology (2013-) includes a number of enhancements such as a new streamlined security-aware process, a new set of security related concepts that enhance the security analysis, and a new set of techniques that enable automatic analysis of various security aspects of the system under development.

The methodology is supported by the SecTro tool, which supports the development of Secure Tropos models, it provides a set of analysis techniques and it enables the automatic generation of WORD and PDF files.

The SecTro is a comprehensive CASE tool, which supports the second version of Secure Tropos methodology. It is the second iteration of the dedicated tool which aims to be stable even with very large models, easy to use, provide automation and assistive features and build a solid base for future improvements.

  • All views of the same system are combined into single model for clutter-less management
  • Views are automatically synchronised between each other to ease the design process
  • Automatic model integrity checks are performed during modelling activities
  • Easy model sharing and documentation capabilities:
    • Models can be saved to various image formats
    • Models or parts of them can be sent to a printer
    • Recently introduced report generation allows exporting model reports as Word and PDF formats
  • Models can be analysed running several analysis methods (e.g. Security Constraints analysis, Threat mitigation analysis)
  • The Design Pattern Library (DPL) add-on allows capturing meaningful parts of models and reusing them later:
    • Automated design pattern insertion into currently open model/view
    • Design patterns can be chained into meaningful sets
    • Design patterns can be exported and imported as XML file for easy sharing
    • Each saved design pattern comes with a graphical representation
  • Models can be exported into XML file:
    • Default XML export mode (i.e. all data from the model)
    • Transformed to a required XML structure by supplying XSLT file. XSLT files can be saved in the SecTro2 database and reused any time

Research team

Professor Haris Mouratidis

Dr Michalis Pavlidis

Nikos Argyropoulos

Shaun Shei 

Output

SecTro 2 v2.0 user manual

SecTro 2 v2.0 installation guide

Download the SecTro 2 software

Partners