Abstract
The security requirements specification (SRS) is an integral part of developing secure information systems: it is the formal documentation of a system's security needs in a correct and consistent way. In many organizations, however, there is a lack of sufficiently experienced security experts or security requirements (SR) engineers, which limits the quality of the SR that are specified. This paper presents an approach that leverages ontologies and requirements boilerplates to mitigate the effect of this shortage of highly experienced personnel on SRS, and that offers a credible starting point for the SRS process. A preliminary evaluation of the tool prototype, the ReqSec tool, was used to demonstrate the approach and to confirm its usability in supporting the SRS process. The tool helps to reduce the effort required, stimulates the discovery of latent security threats, and enables the specification of good-quality SR.
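The following is an added illustration of the mechanism the abstract describes (ontology-driven instantiation of requirements boilerplates); it is not code from the paper or from the ReqSec tool. The ontology fragment (assets, threats, countermeasures), the two boilerplate templates, the weak-word list and the system name are all constructed here for the example.

```python
"""Ontology-driven instantiation of security requirements boilerplates.

Added example, not the ReqSec tool. The ontology fragment, the boilerplate
templates and the weak-word list below are constructed for illustration.
"""
import re
from dataclasses import dataclass, field

# Constructed ontology fragment: asset -> threats, threat -> countermeasures.
# A real security ontology is far richer; this is enough to show the walk.
ONTOLOGY = {
    "assets": {
        "customer records": {"threats": ["unauthorized disclosure", "tampering"]},
        "login service": {"threats": ["credential brute force", "denial of service"]},
    },
    "threats": {
        "unauthorized disclosure": {"countermeasures": ["encryption at rest", "access control enforcement"]},
        "tampering": {"countermeasures": ["integrity checking", "audit logging"]},
        "credential brute force": {"countermeasures": ["rate limiting", "account lockout"]},
        "denial of service": {"countermeasures": ["rate limiting"]},
    },
}

# Boilerplates: fixed wording with typed slots. Slot values are checked
# against the ontology so that every requirement uses controlled vocabulary.
BOILERPLATES = {
    "protect": "The <system> shall protect <asset> against <threat> by means of <countermeasure>.",
    "detect": "The <system> shall detect and log every attempted <threat> against <asset>.",
}

SLOT = re.compile(r"<(\w+)>")

# Words that make a requirement untestable; the quality check flags them.
WEAK_WORDS = {"adequate", "appropriate", "sufficient", "as needed", "etc"}


@dataclass
class Requirement:
    boilerplate: str
    slots: dict
    text: str
    warnings: list = field(default_factory=list)


def check_quality(text, values):
    """Return a list of quality warnings for one instantiated requirement."""
    warnings = []
    lowered = text.lower()
    for w in sorted(WEAK_WORDS):
        if re.search(rf"\b{re.escape(w)}\b", lowered):
            warnings.append(f"weak word: {w}")
    if "asset" in values and values["asset"] not in ONTOLOGY["assets"]:
        warnings.append(f"unknown asset: {values['asset']}")
    if "threat" in values and values["threat"] not in ONTOLOGY["threats"]:
        warnings.append(f"unknown threat: {values['threat']}")
    return warnings


def instantiate(name, **values):
    """Fill every slot of a boilerplate; refuse to emit a half-filled requirement."""
    template = BOILERPLATES[name]
    missing = [s for s in SLOT.findall(template) if s not in values]
    if missing:
        raise ValueError(f"boilerplate {name!r} is missing slots: {missing}")
    text = SLOT.sub(lambda m: values[m.group(1)], template)
    return Requirement(name, dict(values), text, check_quality(text, values))


def suggest_requirements(system, assets):
    """Walk asset -> threat -> countermeasure and emit one 'protect' requirement
    per countermeasure plus one 'detect' requirement per threat."""
    reqs = []
    for asset in assets:
        for threat in ONTOLOGY["assets"].get(asset, {}).get("threats", []):
            for cm in ONTOLOGY["threats"][threat]["countermeasures"]:
                reqs.append(instantiate("protect", system=system, asset=asset,
                                        threat=threat, countermeasure=cm))
            reqs.append(instantiate("detect", system=system, asset=asset, threat=threat))
    return reqs


def latent_threats(assets, known_threats):
    """Threats the ontology links to the assets but the analyst did not list."""
    found = set()
    for asset in assets:
        found.update(ONTOLOGY["assets"].get(asset, {}).get("threats", []))
    return sorted(found - set(known_threats))


if __name__ == "__main__":
    for r in suggest_requirements("web portal", ["customer records", "login service"]):
        print(r.text, r.warnings)
    print(latent_threats(["login service"], ["credential brute force"]))
```

The two checks that matter to a reviewer are the ones the abstract motivates: a boilerplate cannot be emitted with an empty slot, and a slot value that is not in the ontology (or that contains an untestable word such as "appropriate") is flagged rather than silently accepted.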
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Daramola, O., Sindre, G., Moser, T. (2012). Ontology-Based Support for Security Requirements Specification Process. In: Herrero, P., Panetto, H., Meersman, R., Dillon, T. (eds) On the Move to Meaningful Internet Systems: OTM 2012 Workshops. OTM 2012. Lecture Notes in Computer Science, vol 7567. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33618-8_28
DOI: https://doi.org/10.1007/978-3-642-33618-8_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33617-1
Online ISBN: 978-3-642-33618-8