Using Security and Domain ontologies for Security Requirements Analysis

Abstract : Recent research has argued about the importance of considering security during Requirements Engineering (RE) stage. Literature also emphasizes the importance of using ontologies to facilitate requirements elicitation. Ontologies are known to be rich sources of knowledge, and, being structured and equipped with reasoning features, they form a powerful tool to handle requirements. We believe that security being a multi-faceted problem, a single security ontology is not enough to guide SR Engineering (SRE) efficiently. Indeed, security ontologies only focus on technical and domain independent aspects of security. Therefore, one can hypothesize that domain knowledge is needed too. Our question is "how to combine the use of security ontologies and domain ontologies to guide requirements elicitation efficiently and effectively?" We propose a method that exploits both types of ontologies dynamically through a collection of heuristic production rules. We demonstrate that the combined use of security ontologies with domain ontologies to guide SR elicitation is more effective than just relying on security ontologies. This paper presents our method and reports a preliminary evaluation conducted through critical analysis by experts. The evaluation shows that the method provides a good balance between the genericity with respect to the ontologies (which do not need to be selected in advance), and the specificity of the elicited requirements with respect to the domain at hand.
Document type :
Conference papers
Complete list of metadatas

Cited literature [2 references]  Display  Hide  Download

https://hal-paris1.archives-ouvertes.fr/hal-00864300
Contributor : Amina Souag <>
Submitted on : Friday, September 20, 2013 - 5:27:37 PM
Last modification on : Saturday, February 9, 2019 - 1:23:25 AM
Long-term archiving on : Saturday, December 21, 2013 - 4:33:04 AM

File

PID2780911-_COMPSAC.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-00864300, version 1

Citation

Amina Souag, Camille Salinesi, Isabelle Wattiau, Haralambos Mouratidis. Using Security and Domain ontologies for Security Requirements Analysis. The 8th IEEE International Workshop on Security, Trust and Privacy for Software Applications in conjunction with COMPSAC, the IEEE Signature Conference on Computers, Software & Application., Jul 2013, Kyoto, Japan. pp.1-7. ⟨hal-00864300⟩

Share

Metrics

Record views

506

Files downloads

546