An Ontology Based Information Security Requirements Engineering Framework

Conference paper. In: Secure and Trust Computing, Data Management and Applications (STA 2011)

Abstract

A Software Requirement Specification (SRS) evolves frequently to reflect requirement changes during project development; it therefore needs support that makes it easier to author and reuse. This paper proposes a framework for building the part of the SRS that concerns information security requirements (ISRs) using ontologies. Such a framework makes ISRs traceable and reusable. As a solution to this problem, the framework uses three kinds of generic ontologies: a software requirement ontology, an application domain ontology, and an information security ontology. We propose to enhance the SRS by associating each ISR with specific entities within these ontologies, so that the interpretation of an ISR is restricted to, and given meaning by, the three ontologies. This semantic form improves our ability to create, manage, and maintain ISRs. We anticipate that the proposed framework will be very helpful to requirements engineers in creating and understanding ISRs.




Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chikh, A., Abulaish, M., Nabi, S.I., Alghathbar, K. (2011). An Ontology Based Information Security Requirements Engineering Framework. In: Park, J.J., Lopez, J., Yeo, SS., Shon, T., Taniar, D. (eds) Secure and Trust Computing, Data Management and Applications. STA 2011. Communications in Computer and Information Science, vol 186. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22339-6_17

  • DOI: https://doi.org/10.1007/978-3-642-22339-6_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22338-9

  • Online ISBN: 978-3-642-22339-6