Software systems are becoming more and more critical in every domain of human society: transportation, telecommunications, entertainment, health care, military, education and so on; the list is almost endless. These systems are used not only by major corporations and governments but also across networks of organisations and by individual users. Such wide use has resulted in these systems containing a large amount of critical information and processes, which inevitably need to remain secure. Therefore, although it is important to ensure that software systems are developed according to user needs, it is equally important to ensure that these systems are secure.
However, the common approach towards the inclusion of security within a software system is to identify security requirements after the definition of a system. This typically means that security enforcement mechanisms have to be fitted into a pre-existing design, leading to serious design challenges that usually translate into the emergence of computer systems afflicted with security vulnerabilities. Moreover, security is traditionally approached as a technical issue that requires a technical solution. This treatment of security has led to the development of a number of security mechanisms and protocols that, on the one hand, are successfully used in modern software systems but, on the other hand, have failed to ensure an acceptable degree of security.
Security of software systems has been transformed from a mono-dimensional technical issue to a two-dimensional issue that includes a technical dimension (related to challenges and problems associated with the available technology and the infrastructure of software systems) and a social dimension (which includes issues and problems related to the correct elicitation and analysis of security requirements and the involvement of humans in securing software systems). The research literature argues that, to consider both dimensions effectively, it is essential for security to be considered from the early stages and throughout the software development lifecycle, and that a sound software engineering methodology needs to be developed that supports the simultaneous analysis of both dimensions of security.
Secure Tropos is a security-aware software systems development methodology that combines requirements engineering concepts, such as actor, goal and plan, with security engineering concepts, such as threat, security constraint and security mechanism, under a unified process to support the analysis and development of secure and trustworthy software systems.