Security requirements analysis based on security and domain ontologies

Abstract: Security is the discipline concerned with protecting systems from a wide range of threats (malice, error or mischief) that break the system by exploiting a vulnerability, i.e. a property of the system or its environment that, when faced with particular threats, can lead to failure [5]. Security is a multi-faceted problem; it is as much about understanding the domain in which systems operate as it is about the systems themselves. While developing security facilities such as encryption, identity control, or specific architectures is important, our attention should be drawn to the sociotechnical context in which target systems will operate, and to the threats that may arise and their potential harm, so as to uncover security requirements. Recent research has argued for the importance of considering security at the early stages of the information systems development process, and especially the need to consider security during requirements engineering (RE). An ontology, in the field of knowledge representation, is most often defined as "a representation of a conceptualization". It should represent a shared conceptualization in order to have any useful purpose. Ontologies are useful for representing and interrelating many types of knowledge. Several security ontologies have been proposed. Domain ontologies are formal descriptions of classes of concepts and relationships between these concepts that describe a given domain. Our previous experience with RITA, a requirements elicitation method that exploits just one threat ontology, was that "being generic, the threats in the RITA ontology are not specific to the target [bank] industry" (the case study was in the banking sector). Experts involved in the evaluation complained about "the lack of specificity of the types of threats to the industry sector and the problem domain at hand".
The problem that remains open is therefore that we need to exploit both security knowledge and domain knowledge to guide the elicitation of domain-specific security requirements. Our research question is "how to combine the use of security ontologies and domain ontologies to guide requirements elicitation efficiently?" This paper presents an ongoing research project that aims to develop a method that explores the use of security and domain ontologies for SRE.
Document type:
Conference paper
REFSQ, Apr 2013, Essen, Germany. pp.1-3, 2013

https://hal-paris1.archives-ouvertes.fr/hal-00864311
Contributor: Amina Souag
Submitted on: Friday, 20 September 2013 - 17:54:02
Last modified on: Thursday, 13 September 2018 - 15:24:05
Document(s) archived on: Saturday, 21 December 2013 - 04:33:20

File

Poster_REFSQ_abstract.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-00864311, version 1

Citation

Amina Souag, Camille Salinesi, Isabelle Wattiau. Security requirements analysis based on security and domain ontologies. REFSQ, Apr 2013, Essen, Germany. pp.1-3, 2013. 〈hal-00864311〉

Metrics

Record views: 268

File downloads: 230