A Security Ontology for Security Requirements Elicitation

Abstract: Security is an important issue that needs to be taken into account at all stages of information system development, including early requirements elicitation. Early analysis of security makes it possible to predict threats and their impacts and define adequate security requirements before the system is in place. Security requirements are difficult to elicit, analyze, and manage. The fact that analysts' knowledge about security is often tacit makes the task of security requirements elicitation even harder. Ontologies are known for being a good way to formalize knowledge. Ontologies, in particular, have proven useful to support reusability. Requirements engineering based on predefined ontologies can make the job of requirements engineering much easier and faster. However, this very much depends on the quality of the ontology that is used. Some security ontologies for security requirements have been proposed in the literature. None of them stands out as complete. This paper presents a core and generic security ontology for security requirements engineering. Its core and generic status is attained thanks to its coverage of wide and high-level security concepts and relationships. We implemented the ontology and developed an interactive environment to facilitate the use of the ontology during the security requirements engineering process. The proposed security ontology was evaluated by checking its validity and completeness compared to other ontologies. Moreover, a controlled experiment with end-users was performed to evaluate its usability.
Document type:
Conference paper
International Symposium on Engineering Secure Software and Systems, Mar 2015, Milan, Italy. Engineering Secure Software and Systems, 2015, 〈10.1007/978-3-319-15618-7_13〉
Cited literature: 40 references

https://hal-paris1.archives-ouvertes.fr/hal-01153319
Contributor: Amina Souag
Submitted on: Friday, 15 April 2016 - 00:57:03
Last modified on: Tuesday, 10 July 2018 - 17:02:04
Document(s) archived on: Saturday, 16 July 2016 - 10:12:40

File

chp_10.1007_978-3-319-15618-7_...
Explicit agreement for this deposit

Citation

Amina Souag, Camille Salinesi, Raúl Mazo, Isabelle Comyn-Wattiau. A Security Ontology for Security Requirements Elicitation. International Symposium on Engineering Secure Software and Systems, Mar 2015, Milan, Italy. Engineering Secure Software and Systems, 2015, 〈10.1007/978-3-319-15618-7_13〉. 〈hal-01153319〉

Metrics

Record views

136

File downloads

635