A Security Ontology for Security Requirements Elicitation

Abstract : Security is an important issue that needs to be taken into account at all stages of information system development, including early requirements elicitation. Early analysis of security makes it possible to predict threats and their impacts and define adequate security requirements before the system is in place. Security requirements are difficult to elicit, analyze, and manage. The fact that analysts' knowledge about security is often tacit makes the task of security requirements elicitation even harder. Ontologies are known for being a good way to formalize knowledge. Ontologies, in particular, have been proved useful to support reusability. Requirements engineering based on predefined ontologies can make the job of requirement engineering much easier and faster. However, this very much depends on the quality of the ontology that is used. Some security ontologies for security requirements have been proposed in the literature. None of them stands out as complete. This paper presents a core and generic security ontology for security requirements engineering. Its core and generic status is attained thanks to its coverage of wide and high-level security concepts and relationships. We implemented the ontology and developed an interactive environment to facilitate the use of the ontology during the security requirements engineering process. The proposed security ontology was evaluated by checking its validity and completeness compared to other ontologies. Moreover, a controlled experiment with end-users was performed to evaluate its usability.
Document type : Conference papers

Cited literature [40 references]

https://hal-paris1.archives-ouvertes.fr/hal-01153319
Contributor : Amina Souag
Submitted on : Friday, April 15, 2016 - 12:57:03 AM
Last modification on : Saturday, February 9, 2019 - 1:25:06 AM
Long-term archiving on : Saturday, July 16, 2016 - 10:12:40 AM

Citation

Amina Souag, Camille Salinesi, Raúl Mazo, Isabelle Comyn-Wattiau. A Security Ontology for Security Requirements Elicitation. International Symposium on Engineering Secure Software and Systems, Mar 2015, Milan, Italy. ⟨10.1007/978-3-319-15618-7_13⟩. ⟨hal-01153319⟩
