Using Security and Domain ontologies for Security Requirements Analysis

Abstract: Recent research has argued for the importance of considering security during the Requirements Engineering (RE) stage. The literature also emphasizes the importance of using ontologies to facilitate requirements elicitation. Ontologies are known to be rich sources of knowledge and, being structured and equipped with reasoning features, they form a powerful tool for handling requirements. We believe that, security being a multi-faceted problem, a single security ontology is not enough to guide Security Requirements (SR) Engineering (SRE) efficiently. Indeed, security ontologies focus only on technical and domain-independent aspects of security. Therefore, one can hypothesize that domain knowledge is needed too. Our question is "how to combine the use of security ontologies and domain ontologies to guide requirements elicitation efficiently and effectively?" We propose a method that exploits both types of ontologies dynamically through a collection of heuristic production rules. We demonstrate that the combined use of security ontologies with domain ontologies to guide SR elicitation is more effective than relying on security ontologies alone. This paper presents our method and reports a preliminary evaluation conducted through critical analysis by experts. The evaluation shows that the method provides a good balance between genericity with respect to the ontologies (which do not need to be selected in advance) and specificity of the elicited requirements with respect to the domain at hand.
Document type:
Conference paper
The 8th IEEE International Workshop on Security, Trust and Privacy for Software Applications in conjunction with COMPSAC, the IEEE Signature Conference on Computers, Software & Application., Jul 2013, Kyoto, Japan. pp.1-7, 2013

https://hal-paris1.archives-ouvertes.fr/hal-00864300
Contributor: Amina Souag
Submitted on: Friday, September 20, 2013 - 17:27:37
Last modified on: Tuesday, July 10, 2018 - 17:02:03
Document(s) archived on: Saturday, December 21, 2013 - 04:33:04

File

PID2780911-_COMPSAC.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-00864300, version 1

Citation

Amina Souag, Camille Salinesi, Isabelle Wattiau, Haralambos Mouratidis. Using Security and Domain ontologies for Security Requirements Analysis. The 8th IEEE International Workshop on Security, Trust and Privacy for Software Applications in conjunction with COMPSAC, the IEEE Signature Conference on Computers, Software & Application., Jul 2013, Kyoto, Japan. pp.1-7, 2013. 〈hal-00864300〉
