Using Security and Domain Ontologies for Security Requirements Analysis

Souag, Amina; Salinesi, Camille; Wattiau, Isabelle; Mouratidis, Haralambos

doi:10.1109/compsacw.2013.124

Cited by 23 publications

(20 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The focus was mainly on security ontologies that have been used in security requirements engineering [9][10] [11][12].…”

Section: Discussionmentioning

confidence: 99%

“…Several research studies have addressed the issue of knowledge for the field of security [7] [8]. The research presented in this paper is part of a larger ongoing research project that aims at proposing a method that exploits ontologies for security requirements engineering [9]. In [9], a small security ontology was first used for the elicitation and analysis of security requirements.…”

Section: Introductionmentioning

confidence: 99%

“…The research presented in this paper is part of a larger ongoing research project that aims at proposing a method that exploits ontologies for security requirements engineering [9]. In [9], a small security ontology was first used for the elicitation and analysis of security requirements. Being "small", the ontology used affected the resulting requirements and the whole security requirements analysis process.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Security Ontology for Security Requirements Elicitation

Souag¹,

Salinesi²,

Mazo³

et al. 2015

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

International audienceSecurity is an important issue that needs to be taken into account at all stages of information system development, including early requirements elicitation. Early analysis of security makes it possible to predict threats and their impacts and define adequate security requirements before the system is in place. Security requirements are difficult to elicit, analyze, and manage. The fact that analysts' knowledge about security is often tacit makes the task of security requirements elicitation even harder. Ontologies are known for being a good way to formalize knowledge. Ontologies, in particular, have been proved useful to support reusability. Requirements engineering based on predefined ontologies can make the job of requirement engineering much easier and faster. However, this very much depends on the quality of the ontology that is used. Some security ontologies for security requirements have been proposed in the literature. None of them stands out as complete. This paper presents a core and generic security ontology for security requirements engineering. Its core and generic status is attained thanks to its coverage of wide and high-level security concepts and relationships. We implemented the ontology and developed an interactive environment to facilitate the use of the ontology during the security requirements engineering process. The proposed security ontology was evaluated by checking its validity and completeness compared to other ontologies. Moreover, a controlled experiment with end-users was performed to evaluate its usability

show abstract

“…The focus was mainly on security ontologies that have been used in security requirements engineering [9][10] [11][12].…”

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Security Ontology for Security Requirements Elicitation

Souag¹,

Salinesi²,

Mazo³

et al. 2015

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…the lack of information security knowledge, deficiency of training for eliciting security requirements, lack of domain knowledge, absence of a domain model), some methods were proposed in the literature [8] [19]. However, they remain too general, in the sense that they are for general problem domains where problem-specific domain knowledge is not used and that they do not support explicitly the utilization of domain knowledge [9].…”

Section: Introductionmentioning

confidence: 99%

“…Security experts can join the requirements engineers while using the method to validate some requirements, although lot of their expertise is formalized into the security ontology. This paper presents the AMAN-DA method (though some primary versions of it are reported in prior early works on the project in [9] and [27]). The paper reports the evaluation of the method's utility and effectiveness using a case study related to the maritime domain followed by an experiment with experts to assess the method's usefulness.…”

Section: Introductionmentioning

confidence: 99%

Using the AMAN-DA method to generate security requirements: a case study in the maritime domain

et al. 2017

Self Cite

View full text Add to dashboard Cite

Abstract. [Context and motivation]Security requirements are known to be "the most difficult of requirements types", and potentially the ones causing the greatest risk if they are not correct. One approach to requirements elicitation is based on the reuse of explicit knowledge. AMAN-DA is a requirement elicitation method that reuses encapsulated knowledge in security and domain ontologies to produce security requirements specifications.[Question/Problem] The main research question addressed in this paper is to what extent is AMAN-DA able to generate domain specific security requirements? [Principal idea/results] Following a well-documented process, a case study related to the maritime domain was undertaken with the goal to demonstrate the utility and effectiveness of AMAN-DA for the elicitation and analysis of domain specific security requirements. The usefulness of the method was also evaluated with a group of twelve experts.[Contribution] The paper demonstrates the elicitation of domain specific security requirements by presenting the AMAN-DA method and its application. It describes the evaluation and reports some significant results and their implications for practice, and future research, especially for the field of knowledge reuse in requirements engineering.

show abstract