Skip to main content
SpringerLink
Log in

Modeling and Utilizing Security Knowledge for Eliciting Security Requirements

  • Conference paper
  • First Online:
Advances in Conceptual Modeling (ER 2015)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 9382))

Included in the following conference series:

  • 1202 Accesses

Abstract

In order to develop secure information systems with less development cost, it is important to elicit the requirements to security functions (simply security requirements) as early in their development process as possible. To achieve it, accumulated knowledge of threats and their objectives obtained from practical experiences is useful, and the technique to support the elicitation of security requirements utilizing this knowledge should be developed. In this paper, we present the technique for security requirements elicitation using practical knowledge of threats, their objectives and security functions realizing the objectives, which is extracted from Security Target documents compliant to the standard Common Criteria. We show the usefulness of our approach with several case studies.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://www.ipa.go.jp/security/jisec/certified_products/c0251/c0251_st.pdf.

  2. 2.

    http://www.ipa.go.jp/security/jisec/certified_products/c0229/c0229_st.pdf.

  3. 3.

    https://www.ipa.go.jp/security/jisec/certified_products/c0191/c0191_st.pdf.

  4. 4.

    https://www.commoncriteriaportal.org/files/epfiles/1627_ST-Version_1_9%20(2).pdf.

References

  1. Common Criteria : New CC Portal. http://www.commoncriteriaportal.org/

  2. Abe, T., Hayashi, S., Saeki, M.: Modeling security threat patterns to derive negative scenarios. In: Proceedings APSEC, pp. 58–66 (2013)

    Google Scholar 

  3. Elahi, G., Yu, E., Zannone, N.: A modeling ontology for integrating vulnerabilities into security requirements conceptual foundations. In: Proceeding of the ER, pp. 99–114 (2009)

    Google Scholar 

  4. Hernan, S., Lambert, S., Ostwald, T., Shostack, A.: Threat modeling: Uncover security design flaws using the STRIDE approach (2006). http://msdn.microsoft.com/en-us/magazine/cc163519.aspx

  5. Kaiya, H., Sakai, J., Ogata, S., Kaijiri, K.: Eliciting security requirements for an information system using asset flows and processor deployment. IJSSE 4(3), 42–63 (2013)

    Google Scholar 

  6. Saeki, M., Kaiya, H.: Security requirements elicitation using method weaving and common criteria. In: Chaudron, M.R.V. (ed.) MODELS 2008. LNCS, vol. 5421, pp. 185–196. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  7. Saeki, M., Hayashi, S., Kaiya, H.: Enhancing goal-oriented security requirements analysis using common criteria-based knowledge. IJSEKE 23(5), 695–720 (2013)

    Google Scholar 

  8. Taentzer, G.: AGG: A graph transformation environment for modeling and validation of software. In: Pfaltz, J.L., Nagl, M., Böhlen, B. (eds.) AGTIVE 2003. LNCS, vol. 3062, pp. 446–453. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  9. Yoshioka, N., Washizaki, H., Maruyama, K.: A survey on security patterns. Prog. Inform. 5, 35–47 (2008)

    Article  Google Scholar 

Download references

Acknowledgments

This work was partly supported by JSPS Grants-in-Aid for Scientific Research (#15K00088).

Author information

Authors and Affiliations

  1. Department of Computer Science, Tokyo Institute of Technology, Ookayama 2–12–1–W8–83, Meguro-ku, Tokyo, 152–8552, Japan

    Tatsuya Abe, Shinpei Hayashi & Motoshi Saeki

Authors
  1. Tatsuya Abe
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shinpei Hayashi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Motoshi Saeki
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shinpei Hayashi .

Editor information

Editors and Affiliations

  1. University of Skövde, Skövde, Sweden

    Manfred A. Jeusfeld

  2. Indian Institute of Technology, Gujarat, India

    Kamalakar Karlapalem

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Abe, T., Hayashi, S., Saeki, M. (2015). Modeling and Utilizing Security Knowledge for Eliciting Security Requirements. In: Jeusfeld, M., Karlapalem, K. (eds) Advances in Conceptual Modeling. ER 2015. Lecture Notes in Computer Science(), vol 9382. Springer, Cham. https://doi.org/10.1007/978-3-319-25747-1_24

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-25747-1_24

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25746-4

  • Online ISBN: 978-3-319-25747-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation