University of Trás-os-Montes and Alto Douro
Security Requirements Engineering (SRE) is concerned with detecting and analyzing security issues early in the software development process. Some variants of i start since early requirements and rely on modelling actors and their dependencies. Though useful for traditional information systems development, these approaches adopt a bird's eye perspective that is inadequate for service-oriented applications, in which multiple autonomous and heterogeneous agents interact to achieve their own strategic interests. In this paper, the authors present SecCo (Security via Commitments), a novel SRE frame-work expressly thought for service-oriented settings.