A Security Ontology for Security Requirements Elicitation

Souag, Amina; Salinesi, Camille; Mazo, Raúl; Comyn-Wattiau, Isabelle

doi:10.1007/978-3-319-15618-7_13

Cited by 45 publications

(29 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…(b) The method is generic in the sense that it is designed to be used with a generic security ontology [12] and any domain ontologies; as long as they embed, some expected knowledge. (c) The defined rules allow the method to automatically exhibit an appropriate ontological semantics (security and domain specific) to the engineer in charge of requirements elicitation (agents, objects, threats, security requirements, etc.).…”

Section: The Aman-da Methodsmentioning

confidence: 99%

“…A controlled experiment with end-users was performed to evaluate its usability. The paper [12] presents in detail the construction of the ontology, its concepts and relations and reports its evaluation. …”

Section: Ontologies In Aman-damentioning

confidence: 99%

“…Using an input maritime domain ontology (Figure 18), the core security ontology (presented in [12], Figures 4 and 17) and the security goal and requirements specification models in addition to the rules presented above, a case study related to a maritime domain was undertaken in order to assess the efficacy of AMAN-DA for generating security requirements.…”

Section: Security Requirements Elicitation Rulesmentioning

confidence: 99%

See 2 more Smart Citations

Using the AMAN-DA method to generate security requirements: a case study in the maritime domain

et al. 2017

Self Cite

View full text Add to dashboard Cite

Abstract. [Context and motivation]Security requirements are known to be "the most difficult of requirements types", and potentially the ones causing the greatest risk if they are not correct. One approach to requirements elicitation is based on the reuse of explicit knowledge. AMAN-DA is a requirement elicitation method that reuses encapsulated knowledge in security and domain ontologies to produce security requirements specifications.[Question/Problem] The main research question addressed in this paper is to what extent is AMAN-DA able to generate domain specific security requirements? [Principal idea/results] Following a well-documented process, a case study related to the maritime domain was undertaken with the goal to demonstrate the utility and effectiveness of AMAN-DA for the elicitation and analysis of domain specific security requirements. The usefulness of the method was also evaluated with a group of twelve experts.[Contribution] The paper demonstrates the elicitation of domain specific security requirements by presenting the AMAN-DA method and its application. It describes the evaluation and reports some significant results and their implications for practice, and future research, especially for the field of knowledge reuse in requirements engineering.

show abstract

Section: The Aman-da Methodsmentioning

confidence: 99%

Section: Ontologies In Aman-damentioning

confidence: 99%

Section: Security Requirements Elicitation Rulesmentioning

confidence: 99%

See 1 more Smart Citation

Using the AMAN-DA method to generate security requirements: a case study in the maritime domain

et al. 2017

Self Cite

View full text Add to dashboard Cite

show abstract

“…Using a domain ontology [30] would greatly simplify the requirements analyst's effort in refining norms. In addition, the process of norm extraction from requirements can be automated via adopting a natural language processing approach.…”

Section: Scalabilitymentioning

confidence: 99%

NANE: Identifying Misuse Cases Using Temporal Norm Enactments

Kafalı

Singh

Williams

2016

2016 IEEE 24th International Requirements Engineering Conference (RE)

View full text Add to dashboard Cite

Abstract-Recent data breaches in domains such as healthcare where confidentiality of data is crucial indicate that breaches often originate from misuses, not only from vulnerabilities in the technical (software or hardware) architecture. Current requirements engineering (RE) approaches determine what access control mechanisms are needed to protect sensitive resources (assets). However, current RE approaches inadequately characterize how a user is expected to interact with others in relation to the relevant assets. Consequently, a requirements analyst cannot readily identify misuses by legitimate users. We adopt social norms as a natural, formal means of characterizing user interactions whereby potential misuses map to norm violations. Our research goal is to help analysts identify misuse cases by formal reasoning about norm enactments. We propose NANE, a formal framework for identifying such misuse cases using a semiautomated process. We demonstrate how NANE enables monitoring of potential misuses on a healthcare scenario.

show abstract

“…[11]; [12]; [13]; [14]; [15,16]; [17]; [18]; [19]; [20]; [21]; [22]; [23]; [24]; [25]; [26]; [27]; [28]; [29]; [30]; [31]; [32]; [33]; [34]; [35]; [36]; [37]; [38]; [39]; [40]; [41]; [42]; [43]; [44]; [45]; [44]; [8]; [46]; [47]. Generic and abstract proposals (Top-Level Ontologies) can be found in [48], [3], [49], [50], and [51]. Specific proposals (Task and Application Ontologies) can be found in [52], [53], and [54].…”

Section: Surveymentioning

confidence: 99%

A Survey of Security Assessment Ontologies

Rosa¹,

Jino²

2017

Advances in Intelligent Systems and Computing

View full text Add to dashboard Cite

Abstract.A literature survey on ontologies concerning the Security Assessment domain has been carried out to uncover initiatives that aim at formalizing concepts from the "Security Assessment" field of research. A preliminary analysis and a discussion on the selected works are presented. Our main contribution is an updated literature review, describing key characteristics, results, research issues, and application domains of the papers. We have also detected gaps in the Security Assessment literature that could be the subject of further studies in the field. This work is meant to be useful for security researchers who wish to adopt a formal approach in their methods.

show abstract

A Security Ontology for Security Requirements Elicitation

Cited by 45 publications

References 29 publications

Using the AMAN-DA method to generate security requirements: a case study in the maritime domain

Using the AMAN-DA method to generate security requirements: a case study in the maritime domain

NANE: Identifying Misuse Cases Using Temporal Norm Enactments

A Survey of Security Assessment Ontologies

Contact Info

Product

Resources

About