{"id":"https://openalex.org/W2047723056","doi":"https://doi.org/10.1109/stast.2011.6059249","title":"Security requirements engineering via commitments","display_name":"Security requirements engineering via commitments","publication_year":2011,"publication_date":"2011-09-01","ids":{"openalex":"https://openalex.org/W2047723056","doi":"https://doi.org/10.1109/stast.2011.6059249","mag":"2047723056"},"language":"en","primary_location":{"id":"doi:10.1109/stast.2011.6059249","is_oa":false,"landing_page_url":"https://doi.org/10.1109/stast.2011.6059249","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://hdl.handle.net/11572/359545","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5069677848","display_name":"Fabiano Dalpiaz","orcid":"https://orcid.org/0000-0003-4480-3887"},"institutions":[{"id":"https://openalex.org/I193223587","display_name":"University of Trento","ror":"https://ror.org/05trd4x28","country_code":"IT","type":"education","lineage":["https://openalex.org/I193223587"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Fabiano Dalpiaz","raw_affiliation_strings":["Department of Information Engineering and Computer Science, University of Trento, Italy","Department of Inf. Engineering and Computer Science, University of Trento, Italy"],"affiliations":[{"raw_affiliation_string":"Department of Information Engineering and Computer Science, University of Trento, Italy","institution_ids":["https://openalex.org/I193223587"]},{"raw_affiliation_string":"Department of Inf. Engineering and Computer Science, University of Trento, Italy","institution_ids":["https://openalex.org/I193223587"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074577975","display_name":"Elda Paja","orcid":"https://orcid.org/0000-0002-8346-2467"},"institutions":[{"id":"https://openalex.org/I193223587","display_name":"University of Trento","ror":"https://ror.org/05trd4x28","country_code":"IT","type":"education","lineage":["https://openalex.org/I193223587"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Elda Paja","raw_affiliation_strings":["Department of Information Engineering and Computer Science, University of Trento, Italy","Department of Inf. Engineering and Computer Science, University of Trento, Italy"],"affiliations":[{"raw_affiliation_string":"Department of Information Engineering and Computer Science, University of Trento, Italy","institution_ids":["https://openalex.org/I193223587"]},{"raw_affiliation_string":"Department of Inf. Engineering and Computer Science, University of Trento, Italy","institution_ids":["https://openalex.org/I193223587"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5073056211","display_name":"Paolo Giorgini","orcid":"https://orcid.org/0000-0003-4152-9683"},"institutions":[{"id":"https://openalex.org/I193223587","display_name":"University of Trento","ror":"https://ror.org/05trd4x28","country_code":"IT","type":"education","lineage":["https://openalex.org/I193223587"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Paolo Giorgini","raw_affiliation_strings":["Department of Information Engineering and Computer Science, University of Trento, Italy","Department of Inf. Engineering and Computer Science, University of Trento, Italy"],"affiliations":[{"raw_affiliation_string":"Department of Information Engineering and Computer Science, University of Trento, Italy","institution_ids":["https://openalex.org/I193223587"]},{"raw_affiliation_string":"Department of Inf. Engineering and Computer Science, University of Trento, Italy","institution_ids":["https://openalex.org/I193223587"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5069677848"],"corresponding_institution_ids":["https://openalex.org/I193223587"],"apc_list":null,"apc_paid":null,"fwci":17.5822,"has_fulltext":false,"cited_by_count":41,"citation_normalized_percentile":{"value":0.98896178,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"4801","issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10639","display_name":"Advanced Software Engineering Methodologies","score":0.9958999752998352,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9929999709129333,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/security-engineering","display_name":"Security engineering","score":0.748759925365448},{"id":"https://openalex.org/keywords/requirements-elicitation","display_name":"Requirements elicitation","score":0.696367621421814},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6362656950950623},{"id":"https://openalex.org/keywords/computer-security-model","display_name":"Computer security model","score":0.6044192314147949},{"id":"https://openalex.org/keywords/requirements-engineering","display_name":"Requirements engineering","score":0.6024458408355713},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.6012663841247559},{"id":"https://openalex.org/keywords/security-through-obscurity","display_name":"Security through obscurity","score":0.5024111270904541},{"id":"https://openalex.org/keywords/requirements-analysis","display_name":"Requirements analysis","score":0.4940231442451477},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.4673942029476166},{"id":"https://openalex.org/keywords/requirements-management","display_name":"Requirements management","score":0.4655735194683075},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.43535029888153076},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.4273684620857239},{"id":"https://openalex.org/keywords/business-requirements","display_name":"Business requirements","score":0.422461599111557},{"id":"https://openalex.org/keywords/non-functional-requirement","display_name":"Non-functional requirement","score":0.41972461342811584},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.4188334047794342},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4036708474159241},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.36921316385269165},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.23558172583580017},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.17177391052246094},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.1711502969264984},{"id":"https://openalex.org/keywords/business-process","display_name":"Business process","score":0.11992624402046204},{"id":"https://openalex.org/keywords/software-system","display_name":"Software system","score":0.1167561411857605},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.09577029943466187},{"id":"https://openalex.org/keywords/operations-management","display_name":"Operations management","score":0.0881054699420929},{"id":"https://openalex.org/keywords/work-in-process","display_name":"Work in process","score":0.07258480787277222}],"concepts":[{"id":"https://openalex.org/C13159133","wikidata":"https://www.wikidata.org/wiki/Q365674","display_name":"Security engineering","level":5,"score":0.748759925365448},{"id":"https://openalex.org/C45384764","wikidata":"https://www.wikidata.org/wiki/Q838667","display_name":"Requirements elicitation","level":4,"score":0.696367621421814},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6362656950950623},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.6044192314147949},{"id":"https://openalex.org/C6604083","wikidata":"https://www.wikidata.org/wiki/Q376937","display_name":"Requirements engineering","level":3,"score":0.6024458408355713},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.6012663841247559},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.5024111270904541},{"id":"https://openalex.org/C59488412","wikidata":"https://www.wikidata.org/wiki/Q187147","display_name":"Requirements analysis","level":3,"score":0.4940231442451477},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.4673942029476166},{"id":"https://openalex.org/C173577280","wikidata":"https://www.wikidata.org/wiki/Q530038","display_name":"Requirements management","level":4,"score":0.4655735194683075},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.43535029888153076},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.4273684620857239},{"id":"https://openalex.org/C123247970","wikidata":"https://www.wikidata.org/wiki/Q5001932","display_name":"Business requirements","level":4,"score":0.422461599111557},{"id":"https://openalex.org/C199747065","wikidata":"https://www.wikidata.org/wiki/Q3254666","display_name":"Non-functional requirement","level":5,"score":0.41972461342811584},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.4188334047794342},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4036708474159241},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.36921316385269165},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.23558172583580017},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.17177391052246094},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.1711502969264984},{"id":"https://openalex.org/C85345410","wikidata":"https://www.wikidata.org/wiki/Q851587","display_name":"Business process","level":3,"score":0.11992624402046204},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.1167561411857605},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.09577029943466187},{"id":"https://openalex.org/C21547014","wikidata":"https://www.wikidata.org/wiki/Q1423657","display_name":"Operations management","level":1,"score":0.0881054699420929},{"id":"https://openalex.org/C174998907","wikidata":"https://www.wikidata.org/wiki/Q357662","display_name":"Work in process","level":2,"score":0.07258480787277222},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C186846655","wikidata":"https://www.wikidata.org/wiki/Q3398377","display_name":"Software construction","level":4,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0}],"mesh":[],"locations_count":5,"locations":[{"id":"doi:10.1109/stast.2011.6059249","is_oa":false,"landing_page_url":"https://doi.org/10.1109/stast.2011.6059249","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST)","raw_type":"proceedings-article"},{"id":"pmh:oai:eprints.biblio.unitn.it:2238","is_oa":false,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4306400311","display_name":"Unitn Eprints Research (Universit\u00e0 Degli Studi di Trento)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I193223587","host_organization_name":"University of Trento","host_organization_lineage":["https://openalex.org/I193223587"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":"","raw_type":"Departmental Technical Report"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.230.6130","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.230.6130","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://disi.unitn.it/%7Edalpiaz/doku/lib/exe/fetch.php?media=dalp-paja-gior-11-stast.pdf","raw_type":"text"},{"id":"pmh:oai:iris.unitn.it:11572/359545","is_oa":true,"landing_page_url":"https://hdl.handle.net/11572/359545","pdf_url":null,"source":{"id":"https://openalex.org/S4306401913","display_name":"Institutional Research Information System (Universit\u00e0 degli Studi di Trento)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I193223587","host_organization_name":"University of Trento","host_organization_lineage":["https://openalex.org/I193223587"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"info:eu-repo/semantics/other"},{"id":"pmh:oai:iris.unitn.it:11572/89838","is_oa":false,"landing_page_url":"http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=6059249","pdf_url":null,"source":{"id":"https://openalex.org/S4306401913","display_name":"Institutional Research Information System (Universit\u00e0 degli Studi di Trento)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I193223587","host_organization_name":"University of Trento","host_organization_lineage":["https://openalex.org/I193223587"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/conferenceObject"}],"best_oa_location":{"id":"pmh:oai:iris.unitn.it:11572/359545","is_oa":true,"landing_page_url":"https://hdl.handle.net/11572/359545","pdf_url":null,"source":{"id":"https://openalex.org/S4306401913","display_name":"Institutional Research Information System (Universit\u00e0 degli Studi di Trento)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I193223587","host_organization_name":"University of Trento","host_organization_lineage":["https://openalex.org/I193223587"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"info:eu-repo/semantics/other"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W1481274198","https://openalex.org/W1571676245","https://openalex.org/W1624528677","https://openalex.org/W1879784276","https://openalex.org/W1912066346","https://openalex.org/W2015712664","https://openalex.org/W2097154968","https://openalex.org/W2107930672","https://openalex.org/W2110157102","https://openalex.org/W2130310983","https://openalex.org/W2131730994","https://openalex.org/W2144642244","https://openalex.org/W2150071393","https://openalex.org/W2158572645","https://openalex.org/W2160339156","https://openalex.org/W2491993086","https://openalex.org/W3137928250","https://openalex.org/W3161918289","https://openalex.org/W4229680087","https://openalex.org/W6639394758"],"related_works":["https://openalex.org/W2758128462","https://openalex.org/W4288788915","https://openalex.org/W4230481354","https://openalex.org/W2243653617","https://openalex.org/W1978608362","https://openalex.org/W1490921502","https://openalex.org/W2048472863","https://openalex.org/W64923018","https://openalex.org/W3153864189","https://openalex.org/W4224303169"],"abstract_inverted_index":{"Security":[0,82],"Requirements":[1],"Engineering":[2],"(SRE)":[3],"is":[4],"concerned":[5],"with":[6,58,91],"the":[7,13,19,62,78,104,115],"elicitation":[8],"of":[9,15,18,61],"security":[10,16,45,63,67,75],"needs":[11,28,64],"and":[12,65],"specification":[14],"requirements":[17,68,76,83],"system-to-be.":[20,116],"Current":[21],"approaches":[22],"to":[23,36,38,77,97],"SRE":[24,54],"either":[25],"express":[26],"stakeholders'":[27],"via":[29],"high-level":[30],"organisational":[31],"abstractions":[32],"that":[33,56,100],"are":[34,84],"hard":[35],"map":[37],"system":[39],"design,":[40],"or":[41],"specify":[42],"only":[43],"technical":[44],"requirements.":[46],"In":[47],"this":[48],"paper,":[49],"we":[50],"introduce":[51],"SecCo,":[52],"an":[53],"framework":[55],"starts":[57],"goal-oriented":[59],"modelling":[60],"derives":[66],"from":[69,94],"such":[70],"needs.":[71],"Importantly,":[72],"SecCo":[73],"relates":[74],"interaction":[79],"among":[80],"actors.":[81],"specified":[85],"as":[86],"social":[87],"commitments":[88,110],"-":[89,99],"promises":[90],"contractual":[92],"validity":[93],"one":[95],"actor":[96],"another":[98],"define":[101],"constraints":[102],"on":[103],"way":[105],"actors":[106],"can":[107],"interact.":[108],"These":[109],"shall":[111],"be":[112],"implemented":[113],"by":[114]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":2},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":4},{"year":2017,"cited_by_count":3},{"year":2015,"cited_by_count":3},{"year":2014,"cited_by_count":9},{"year":2013,"cited_by_count":6},{"year":2012,"cited_by_count":7}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}