Paolo Giorgini

Paolo Giorgini is Associate Professor in the Department of Engineering and Computer Science at the University of Trento.

  • Security Requirements Engineering

    Designing Secure Socio-Technical Systems

    Fabiano Dalpiaz, Elda Paja, and Paolo Giorgini

    A novel, model-driven approach to security requirements engineering that focuses on socio-technical systems rather than merely technical systems.

    Security requirements engineering is especially challenging because designers must consider not just the software under design but also interactions among people, organizations, hardware, and software. Taking this broader perspective means designing a secure socio-technical system rather than a merely technical system. This book presents a novel, model-driven approach to designing secure socio-technical systems. It introduces the Socio-Technical Modeling Language (STS-ML) and presents a freely available software tool, STS-Tool, that supports this design approach through graphical modeling, automated reasoning capabilities to verify the models constructed, and the automatic derivation of security requirements documents.

    After an introduction to security requirements engineering and an overview of computer and information security, the book presents the STS-ML modeling language, introducing the modeling concepts used, explaining how to use STS-ML within the STS method for security requirements, and providing guidelines for the creation of models. The book then puts the STS approach into practice, introducing the STS-Tool and presenting two case studies from industry: an online collaborative platform and an e-Government system. Finally, the book considers other methods that can be used in conjunction with the STS method or that constitute an alternative to it. The book is suitable for course use or as a reference for practitioners. Exercises, review questions, and problems appear at the end of each chapter.

  • Social Modeling for Requirements Engineering

    Eric Yu, Paolo Giorgini, Neil Maiden, and John Mylopoulos

    A novel perspective on requirements engineering, founded on social concepts and strategic analysis of relationships among social actors.

    Much of the difficulty in creating information technology systems that truly meet people's needs lies in the problem of pinning down system requirements. This book offers a new approach to the requirements challenge, based on modeling and analyzing the relationships among stakeholders. Although the importance of the system-environment relationship has long been recognized in the requirements engineering field, most requirements modeling techniques express the relationship in mechanistic and behavioral terms.

    This book describes a modeling approach (called the i* framework) that conceives of software-based information systems as being situated in environments in which social actors relate to each other in terms of goals to be achieved, tasks to be performed, and resources to be furnished. Social perspectives on computing have provided much insight for many years. The i* framework aims to offer a modeling approach to the relationships embedded in computer systems, as part of an engineering method whose systematic techniques and tools provide smooth linkages to the rest of the system development process, including system design and implementation.

    The book includes Eric Yu's original proposal for the i* framework as well as research that applies, adapts, extends, or evaluates the social modeling concepts and approach.