Formal derivation of security design specifications from security requirements

Security is an afterthought process for the development of software in earlier days but now the time has been changed. Now, security is on top priority and involved from the beginning of software development. Security requirements are the prime concern for the development and quality of any software product. The specification and verification of security requirements need a lot of attention from the computer science community in the process of the software development life cycle. Formal Methods are a widely used and well-recognized approach for the specification and verification of any safety-critical system. Formal methods play an important role in the requirement phase to the design phase of software development. In this study, we summarized the outcomes of related papers to find out the current state of the art in the proposed area.In this manuscript, three research questions are frame and we try to find the answer to these research questions to the best of our effort and knowledge. The objective of this research paper is to find out the gap analysis, state of art, and trends in the proposed area. The academician needs to pursue more effort toward the formal specification of security requirements, providing a deeper understanding to help security experts in the development of systems.

show abstract

“…• Hassan et al 31 proposed a novel approach for design specification from the security requirement by integrating the KAOS method and B-Method.…”

Section: Framework By Different Researchers Related To the Proposed Areamentioning

confidence: 99%

“…Goal-oriented approach KAOS 31 KAOS method is based on first-order logic temporal logic that formally constructs a complete, consistent, and clear security requirement model. In this method, security requirements are set as a goal to be achieved by the systems.…”

Section: Theorem Proversmentioning

confidence: 99%

A review on security requirements specification by formal methods

Mishra

Mustafa

2021

Concurrency and Computation

View full text Add to dashboard Cite

show abstract

“…These two frameworks pioneered in promoting goal-oriented requirements engineering (GORE). For example, KAOS has been employed in many other proposals for deriving functional specification from stakeholder goals (e.g., Hassan et al [83], Aziz et al [19]), and NFR-F has been widely adopted for capturing non-functional requirements (e.g., i* [176], Tropos [30], and Techne [101]).…”

Section: Requirements Modeling Languagesmentioning

confidence: 99%

Desiree - a Refinement Calculus for Requirements Engineering

Li,

Mylopoulos

2016

Preprint

View full text Add to dashboard Cite

The requirements elicited from stakeholders suffer from various afflictions, including informality, incompleteness, ambiguity, vagueness, inconsistencies, and more. It is the task of requirements engineering pREq processes to derive from these an eligible (formal, complete enough, unambiguous, consistent, measurable, satisfiable, modifiable and traceable) requirements specification that truly captures stakeholder needs.We propose Desiree, a refinement calculus for systematically transforming stakeholder requirements into an eligible specification. The core of the calculus is a rich set of requirements operators that iteratively transform stakeholder requirements by strengthening or weakening them, thereby reducing incompleteness, removing ambiguities and vagueness, eliminating unattainability and conflicts, turning them into an eligible specification. The framework also includes an ontology for modeling and classifying requirements, a description-based language for representing requirements, as well as a systematic method for applying the concepts and operators in order to engineer an eligible specification from stakeholder requirements. In addition, we define the semantics of the requirements concepts and operators, and develop a graphical modeling tool in support of the entire framework.To evaluate our proposal, we have conducted a series of empirical evaluations, including an ontology evaluation by classifying a large public requirements set, a language evaluation by rewriting the large set of requirements using our description-based syntax, a method evaluation through a realistic case study, and an evaluation of the entire framework through three controlled experiments. The results of our evaluations show that our ontology, language, and method are adequate in capturing requirements in practice, and offer strong evidence that with sufficient training, our framework indeed helps people conduct more effective requirements engineering.

show abstract

“…Moreover, this bridge balances the trade-off between complexity of rigid formality (B method) and expressiveness of semiformal approaches (SysML). Most of the existing work aiming at establishing links between goal models and formal methods, such as [3,10,16,18], consider KAOS and B or VDM++. The main difference with our work is that they consider only the last level of the goal hierarchy, that is, the requisite goals.…”

Section: Conclusion and Further Workmentioning

confidence: 99%

A first attempt to combine SysML requirements diagrams and B

Laleau

Semmak

Matoussi

et al. 2009

Innovations Syst Softw Eng

View full text Add to dashboard Cite

This article describes a work-in-progress in the framework of a research project aiming at combining requirements engineering methods with formal methods. The main idea is to extend the SysML language with concepts of existing requirements engineering methods. In this article we present extensions to SysML with concepts from the goal model of the KAOS method and we give rules to derive a formal B specification from this goal model. The approach is then illustrated on a case study.

show abstract

Formal derivation of security design specifications from security requirements

Cited by 7 publications

References 3 publications

A review on security requirements specification by formal methods

A review on security requirements specification by formal methods

Desiree - a Refinement Calculus for Requirements Engineering

A first attempt to combine SysML requirements diagrams and B

Contact Info

Product

Resources

About