Ontology-Based Support for Security Requirements Specification Process

  • Conference paper
On the Move to Meaningful Internet Systems: OTM 2012 Workshops (OTM 2012)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 7567)

Abstract

Security requirements specification (SRS) is an integral part of developing secure information systems: it is the formal documentation of a system's security needs in a correct and consistent way. In many organizations, however, there is a shortage of sufficiently experienced security experts or security requirements (SR) engineers, which limits the quality of the SR that get specified. This paper presents an approach that leverages ontologies and requirements boilerplates to alleviate the lack of highly experienced SRS personnel, and that also offers a credible starting point for the SRS process. A preliminary evaluation of the tool prototype, the ReqSec tool, was used to demonstrate the approach and to confirm its usability in supporting SRS. The tool helps to reduce the effort required, stimulates the discovery of latent security threats, and enables the specification of good-quality SR.
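To make the mechanism concrete, the following is an added illustration of how ontology-driven requirements boilerplates can work; it is not code from the paper or from the ReqSec tool, and the miniature ontology, the boilerplate wording, the requirement identifiers and the function names are all constructed assumptions. It expands boilerplates from asset-to-threat-to-countermeasure links and flags threats that an analyst's hand-written requirements leave uncovered, which is the kind of "latent threat" discovery the abstract refers to.

```python
"""Illustration of ontology-backed security requirements boilerplates.

Constructed example: the ontology, boilerplates, wording and names below
are assumptions for demonstration, not the paper's or ReqSec's models.
"""
from dataclasses import dataclass

# Minimal security ontology (constructed): which threats target an asset
# type, and which countermeasure class addresses each threat.
ONTOLOGY = {
    "threats_by_asset": {
        "credential": ["credential theft", "brute-force guessing"],
        "personal data": ["unauthorized disclosure", "unauthorized modification"],
        "session token": ["session hijacking"],
    },
    "countermeasure_for": {
        "credential theft": "storing credentials only as salted, slow password hashes",
        "brute-force guessing": "rate-limiting and locking out repeated failed logins",
        "unauthorized disclosure": "enforcing access control and encrypting data in transit and at rest",
        "unauthorized modification": "enforcing write authorization and integrity logging",
        "session hijacking": "binding sessions to TLS and expiring them on inactivity",
    },
}

# Requirement boilerplates: fixed sentence skeletons with named slots.
BOILERPLATES = {
    "protect": "The {system} shall protect {asset} against {threat} by {countermeasure}.",
    "detect": "The {system} shall detect and log attempts at {threat} against {asset}.",
}


@dataclass
class Requirement:
    rid: str
    text: str
    asset: str
    threat: str


def specify(system, assets):
    """Instantiate every boilerplate for every threat the ontology links to each asset."""
    reqs = []
    n = 1
    for asset in assets:
        for threat in ONTOLOGY["threats_by_asset"].get(asset, []):
            cm = ONTOLOGY["countermeasure_for"][threat]
            for kind in ("protect", "detect"):
                text = BOILERPLATES[kind].format(
                    system=system, asset=asset, threat=threat, countermeasure=cm)
                reqs.append(Requirement(f"SR-{n:03d}", text, asset, threat))
                n += 1
    return reqs


def unknown_assets(assets):
    """Assets the ontology knows nothing about; these need an expert, not a template."""
    return [a for a in assets if a not in ONTOLOGY["threats_by_asset"]]


def uncovered_threats(assets, existing_reqs):
    """(asset, threat) pairs from the ontology that no existing requirement mentions.

    existing_reqs are plain sentences as an analyst might have written them;
    a threat counts as covered when its name appears in some sentence.
    """
    lowered = [r.lower() for r in existing_reqs]
    gaps = []
    for asset in assets:
        for threat in ONTOLOGY["threats_by_asset"].get(asset, []):
            if not any(threat in r for r in lowered):
                gaps.append((asset, threat))
    return gaps


if __name__ == "__main__":
    for r in specify("web portal", ["credential", "session token"]):
        print(r.rid, r.text)
    hand_written = ["The web portal shall protect credential against credential theft by hashing."]
    print("gaps:", uncovered_threats(["credential", "personal data"], hand_written))
```

The point of the coverage check is that the ontology, not the analyst's memory, enumerates the threats to consider; the boilerplate then keeps the generated sentences uniform enough to be reviewed and compared.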



© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Daramola, O., Sindre, G., Moser, T. (2012). Ontology-Based Support for Security Requirements Specification Process. In: Herrero, P., Panetto, H., Meersman, R., Dillon, T. (eds) On the Move to Meaningful Internet Systems: OTM 2012 Workshops. OTM 2012. Lecture Notes in Computer Science, vol 7567. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33618-8_28

  • DOI: https://doi.org/10.1007/978-3-642-33618-8_28

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33617-1

  • Online ISBN: 978-3-642-33618-8
