A. Souag, R. Mazo, C. Salinesi, and I. Comyn-Wattiau, Reusable knowledge in security requirements engineering: a systematic mapping study, Requirements Engineering, vol.25, issue.4, 2015.
DOI : 10.1007/s00766-015-0220-8

URL : https://hal.archives-ouvertes.fr/hal-01133226

A. Souag, R. Mazo, C. Salinesi, and I. Comyn-Wattiau, A Security Ontology for Security Requirements Elicitation, International Symposium on Engineering Secure Software and Systems, 2015.

A. Souag, R. Mazo, C. Salinesi, and I. Comyn-Wattiau, Using the AMAN-DA method to generate security requirements: a case study in the maritime domain, Requirements Engineering: Foundation for Software Quality, 2016.

A. Souag, C. Salinesi, and I. Comyn-Wattiau, A Methodology for Defining Security Requirements using Security and Domain Ontologies, INSIGHT, vol.16, issue.4, 2013.
DOI : 10.1002/inst.201316414

A. Souag, C. Salinesi, I. Comyn-Wattiau, and H. Mouratidis, Using Security and Domain Ontologies for Security Requirements Analysis, 2013 IEEE 37th Annual Computer Software and Applications Conference Workshops
DOI : 10.1109/COMPSACW.2013.124

URL : https://hal.archives-ouvertes.fr/hal-00864300

A. Souag, C. Salinesi, and I. Comyn-Wattiau, Security requirements analysis based on security and domain ontologies, 2013.

A. Souag, Une méthode de définition des exigences de sécurité fondée sur l'utilisation des ontologies, Séminaire Doctoral du Forum Académie-Industrie de l'AFIS, 2013.

A. Souag, C. Salinesi, and I. Comyn-Wattiau, Ontologies for security requirements: A literature survey and classification, Advanced Information Systems Engineering Workshops, pp.61-69, 2012.

A. Souag, Towards a new generation of security requirements definition methodology using ontologies, 24th International Conference on Advanced Information Systems Engineering, 2012.
URL : https://hal.archives-ouvertes.fr/hal-00710425

A. Souag, Vers une nouvelle génération de définition des exigences de sécurité fondée sur l'utilisation des ontologies

E. Albrechtsen, A generic comparison of industrial safety and information security, NTNU - Norwegian University of Science and Technology, 2002.

C. Alexander, S. Ishikawa, and M. Silverstein, A Pattern Language: Towns, Buildings, Construction, 1977.

I. Alexander, Initial industrial experience of misuse cases in trade-off analysis, Proceedings IEEE Joint International Conference on Requirements Engineering, pp.61-68, 2002.
DOI : 10.1109/ICRE.2002.1048506

R. Anderson, Security engineering: A guide to building dependable distributed systems, 2001.

R. J. Anderson and R. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, 2001.

A. I. Antón and J. B. Earp, Strategies for Developing Policies and Requirements for Secure Electronic Commerce Systems, E-commerce security and privacy, pp.29-46, 2000.

A. I. Antón and J. B. Earp, A Requirements Taxonomy for Reducing Web Site Privacy Vulnerabilities, Requirements Engineering, vol.9, issue.3, pp.169-85, 2004.

Y. Asnar, P. Giorgini, F. Massacci, and N. Zannone, From Trust to Dependability through Risk Analysis, The Second International Conference on Availability, Reliability and Security (ARES'07), 2007.
DOI : 10.1109/ARES.2007.93

Y. Asnar, P. Giorgini, and J. Mylopoulos, Risk Modelling and Reasoning in Goal Models, 2006.

A. A. Assali, D. Lenne, and B. Debray, Ontology Development for Industrial Risk Analysis, 2008 3rd International Conference on Information and Communication Technologies: From Theory to Applications, 2008.
DOI : 10.1109/ICTTA.2008.4530312

A. Avizienis, J. Laprie, B. Randell, and C. Landwehr, Basic concepts and taxonomy of dependable and secure computing, IEEE Transactions on Dependable and Secure Computing, vol.1, issue.1, pp.11-33, 2004.
DOI : 10.1109/TDSC.2004.2

S. Barnes, Assessing the value of IS journals, Communications of the ACM, vol.48, issue.1, pp.110-122, 2005.
DOI : 10.1145/1039539.1039573

R. Baskerville, Information systems security design methods: implications for information systems development, ACM Computing Surveys, vol.25, issue.4, pp.375-414, 1993.
DOI : 10.1145/162124.162127

D. M. Berry, The importance of ignorance in requirements engineering, Journal of Systems and Software, vol.28, issue.2, pp.179-84, 1995.
DOI : 10.1016/0164-1212(94)00054-Q

B. Best, J. Jurjens, and B. Nuseibeh, Model-Based Security Engineering of Distributed Information Systems Using UMLsec, 29th International Conference on Software Engineering (ICSE'07), pp.581-90, 2007.
DOI : 10.1109/ICSE.2007.55

D. Bjørner, A container line industry domain, 2007.

D. Bjørner, Domain Engineering, Formal Methods: State of the Art and New Directions, pp.1-41
DOI : 10.1007/978-1-84882-736-3_1

D. Bjørner, Rôle of Domain Engineering in Software Development - Why Current Requirements Engineering Is Flawed!, Perspectives of Systems Informatics
DOI : 10.1007/978-3-642-11486-1_2

C. Blanco, J. Velasco, E. Fernández-Medina, R. Valencia-García, and A. Toval, Basis for an integrated security ontology according to a systematic review of existing proposals, Computer Standards & Interfaces, vol.33, issue.4, pp.372-88, 2011.
DOI : 10.1016/j.csi.2010.12.002

C. Blanco, J. Velasco, R. Valencia-Garcia, E. Fernandez-Medina, A. Toval et al., A Systematic Review and Comparison of Security Ontologies, 2008 Third International Conference on Availability, Reliability and Security, pp.813-833, 2008.
DOI : 10.1109/ARES.2008.33

S. Borgo, M. Carrara, P. Garbacz, and P. Vermaas, Towards the Ontological Representation of Functional Basis in DOLCE, 2009.

S. Boyce and C. Pahl, Developing Domain Ontologies for Course Content, Educational Technology & Society-ETS, vol.10, issue.3, pp.275-288, 2007.

T. D. Breaux and A. I. Anton, Analyzing goal semantics for rights, permissions, and obligations, 13th IEEE International Conference on Requirements Engineering (RE'05), 2005.
DOI : 10.1109/RE.2005.12

P. Bresciani, A. Perini, P. Giorgini, F. Giunchiglia, and J. Mylopoulos, Tropos: An Agent-Oriented Software Development Methodology, Autonomous Agents and Multi-Agent Systems, vol.8, issue.3, pp.203-239, 2004.
DOI : 10.1023/B:AGNT.0000018806.20944.ef

D. L. Buckshaw, G. S. Parnell, W. L. Unkenholz, D. L. Parks, J. M. Wallner et al., Mission Oriented Risk and Design Analysis of Critical Information Systems, Military Operations Research, vol.10, issue.2, pp.19-38, 2005.
DOI : 10.5711/morj.10.2.19

D. Budgen, M. Turner, P. Brereton, B. Kitchenham, and B. , Using mapping studies in software engineering, Proceedings of PPIG Psychology of Programming Interest Group, pp.195-204, 2008.

J. Carvalho, Information System? Which One Do You Mean?, Proceedings of the IFIP TC8/WG8.1 International Conference on Information System Concepts: An Integrated Discipline Emerging, 259-77. ISCO-4, 2000.
DOI : 10.1007/978-0-387-35500-9_22

V. Castañeda, L. Ballejos, M. L. Caliusco, and M. R. Galli, The Use of Ontologies in Requirements Engineering, Global Journal of Research Engineering, vol.10, issue.6, 2010.

B. Chandrasekaran, J. R. Josephson, and V. R. Benjamins, What are ontologies, and why do we need them?, IEEE Intelligent Systems, vol.14, issue.1, pp.20-26, 1999.
DOI : 10.1109/5254.747902

A. S. Chebli, « La piraterie maritime au début du XXième siecle: panorama, modes opératoires et solutions », 2009.

Y. Chernak, Requirements Reuse: The State of the Practice, 2012 IEEE International Conference on Software Science, Technology and Engineering, pp.46-53, 2012.
DOI : 10.1109/SWSTE.2012.12

A. Chikh, M. Abulaish, S. I. Nabi, and K. Alghathbar, An Ontology Based Information Security Requirements Engineering Framework, Secure and Trust Computing, Data Management and Applications, 139-46. Communications in Computer and Information Science 186, 2011.
DOI : 10.1017/S135132490400347X

T. Christian, Security Requirements Reusability and the SQUARE Methodology. No. CMU/SEI-2010-TN-027, 2010.

O. Daramola, G. Sindre, and T. Moser, Ontology-Based Support for Security Requirements Specification Process, On the Move to Meaningful Internet Systems: OTM 2012
DOI : 10.1007/978-3-642-33618-8_28

O. Daramola, G. Sindre, and T. Stalhane, Pattern-based security requirements specification using ontologies and boilerplates, 2012 Second IEEE International Workshop on Requirements Patterns (RePa), pp.54-59, 2012.
DOI : 10.1109/RePa.2012.6359973

F. D. Davis, Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology, MIS Quarterly, pp.319-359, 1989.
DOI : 10.2307/249008

J. K. Debenham, Knowledge systems design, 1989.

G. Denker, Access control and data integrity for daml+ oil and daml-s, SRI International, 2002.

G. Denker, L. Kagal, T. Finin, M. Paolucci, and K. Sycara, Security for DAML Web Services: Annotation and Matchmaking, The Semantic Web Conference - ISWC 2003, 2003.
DOI : 10.1007/978-3-540-39718-2_22

G. Denker, S. Nguyen, and A. Ton, OWL-S Semantics of Security Web Services: a Case Study, The Semantic Web: Research and Applications, 240-53. Lecture Notes in Computer Science, 2004.
DOI : 10.1007/978-3-540-25956-5_17

P. T. Devanbu and S. Stubblebine, Software engineering for security, Proceedings of the conference on The future of Software engineering, ICSE '00, pp.227-266, 2000.
DOI : 10.1145/336512.336559

S. C. Dik, The theory of functional grammar: the structure of the clause, 1997.

G. Dobson and P. Sawyer, Revisiting Ontology-Based Requirements Engineering in the age of the Semantic Web, 2006.

M. Donner, Toward a Security Ontology, IEEE Security and Privacy, vol.1, issue.3, pp.6-7, 2003.

S. Dritsas, L. Gymnopoulos, M. Karyda, T. Balopoulos, S. Kokolakis et al., A knowledge-based approach to security requirements for e-health applications, Electronic Journal for E-Commerce Tools and Applications, 2006.

É. Dubois, P. Heymans, N. Mayer, and R. Matulevičius, A Systematic Approach to Define the Domain of Information System Security Risk Management, Intentional Perspectives on Information Systems Engineering, 2010.
DOI : 10.1007/978-3-642-12544-7_16

S. Easterbrook, J. Singer, M. A. Storey, and D. Damian, Selecting Empirical Methods for Software Engineering Research, Guide to advanced empirical software engineering, 2008.
DOI : 10.1007/978-1-84800-044-5_11

G. Elahi, E. Yu, T. Li, and L. Liu, Security Requirements Engineering in the Wild: A Survey of Common Practices, 2011 IEEE 35th Annual Computer Software and Applications Conference, pp.314-319, 2011.
DOI : 10.1109/COMPSAC.2011.48

J. Elyan, « 5 millions d'adresses et mots de passe Gmail postés sur un forum », September 11, 2014.

S. Evans, D. Heinbuch, E. Kyle, J. Piorkowski, and J. Wallner, Risk-based systems security engineering: stopping attacks with intention, IEEE Security and Privacy Magazine, vol.2, issue.6, pp.59-62, 2004.
DOI : 10.1109/MSP.2004.109

B. Fabian, S. Gürses, M. Heisel, T. Santen, and H. Schmidt, A comparison of security requirements engineering methods, Requirements Engineering, vol.4, issue.2, pp.7-40, 2010.
DOI : 10.1007/s00766-009-0092-x

A. Farquhar, R. Fikes, and J. Rice, The Ontolingua Server: a tool for collaborative ontology construction, International Journal of Human-Computer Studies, vol.46, issue.6, pp.707-734, 1997.
DOI : 10.1006/ijhc.1996.0121

E. A. Feigenbaum and P. McCorduck, The fifth generation (1st ed.), 1983.

S. Fenz and A. Ekelhart, Formalizing information security knowledge, Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, ASIACCS '09, 2009.
DOI : 10.1145/1533057.1533084

M. Fernández-López, A. Gómez-Pérez, and N. Juristo, METHONTOLOGY: From Ontological Art Towards Ontological Engineering, Proceedings of the Ontological Engineering AAAI-97 Spring Symposium Series. Stanford University, EEUU: Facultad de Informática (UPM), 1997.

C. J. Fillmore, The case for case, 1967.

D. G. Firesmith, Engineering Safety and Security Related Requirements for Software Intensive Systems, 29th International Conference on Software Engineering - Companion, pp.169-169.

D. G. Firesmith, Specifying Reusable Security Requirements, The Journal of Object Technology, vol.3, issue.1, pp.61-75, 2004.
DOI : 10.5381/jot.2004.3.1.c6

D. G. Firesmith, Security Use Cases, The Journal of Object Technology, vol.2, issue.3, pp.1-12, 2003.
DOI : 10.5381/jot.2003.2.3.c6

D. G. Firesmith, A taxonomy of security-related requirements, International Workshop on High Assurance Systems (RHAS'05), 2005.

W. B. Frakes and K. Kyo, Software reuse research: status and future, IEEE Transactions on Software Engineering, vol.31, issue.7, pp.529-565, 2005.
DOI : 10.1109/TSE.2005.85

D. Geneiatakis and C. Lambrinoudakis, An ontology description for SIP security flaws, Computer Communications, vol.30, issue.6, pp.1367-74, 2007.
DOI : 10.1016/j.comcom.2006.12.023

M. F. Giorgini, J. Mylopoulos, and N. Zannone, Requirements engineering for trust management: model, methodology, and reasoning, International Journal of Information Security, vol.9, issue.1, pp.257-74, 2006.
DOI : 10.1007/s10207-006-0005-7

M. F. Giorgini, J. Mylopoulos, and N. Zannone, Security and Trust Requirements Engineering, Foundations of Security Analysis and Design III, 2005.
DOI : 10.1007/11554578_8

M. F. Giorgini, J. Mylopoulos, and N. Zannone, ST-tool: a CASE tool for security requirements engineering, 13th IEEE International Conference on Requirements Engineering (RE'05), pp.451-52, 2005.
DOI : 10.1109/RE.2005.67

M. Glinz, On Non-Functional Requirements, 15th IEEE International Requirements Engineering Conference (RE 2007), pp.7-21, 2007.
DOI : 10.1109/RE.2007.45

T. R. Gruber, Toward principles for the design of ontologies used for knowledge sharing?, International Journal of Human-Computer Studies, vol.43, issue.5-6, pp.5-6, 1995.
DOI : 10.1006/ijhc.1995.1081

B. Gruselle, Multilateral security requirements analysis for preserving privacy in ubiquitous environments, Enquête sur la sécurité numérique des entreprises ». Fondation pour la Recherche Stratégique (FRS), n°01 Proceedings of the UKDU Workshop, pp.51-64, 2006.

S. F. Gürses and T. Santen, Contextualizing Security Goals: A Method for Multilateral Security Requirements Elicitation, In Sicherheit, vol.6, pp.42-53, 2006.

B. Guttman and E. A. Roback, An Introduction to Computer Security: The NIST Handbook, NIST. National Institute of Standards and Technology, 1995.
DOI : 10.6028/NIST.SP.800-12

C. B. Haley, R. Laney, J. D. Moffett, and N. B., Security Requirements Engineering: A Framework for Representation and Analysis, IEEE Transactions on Software Engineering, vol.34, issue.1, pp.133-53, 2008.
DOI : 10.1109/TSE.2007.70754

C. B. Haley, J. D. Moffett, R. Laney, and N. B., A framework for security requirements engineering, Proceedings of the 2006 international workshop on Software engineering for secure systems, SESS '06, 2006.
DOI : 10.1145/1137627.1137634

D. Hatebur, M. Heisel, and H. Schmidt, A Pattern System for Security Requirements Engineering, The Second International Conference on Availability, Reliability and Security (ARES'07), pp.356-65, 2007.
DOI : 10.1109/ARES.2007.12

Q. He and A. I. Anton, A Framework for Modeling Privacy Requirements in Role Engineering, Proceedings of Requirements Engineering Foundation for Software Quality, REFSQ, pp.137-146, 2003.

L. A. Hermoye, A. Van-lamsweerde, A. Perry, D. E. Herrmann, A. Morali et al., « A Reuse-Based Approach to Security Requirements Engineering ». http://users.ece.utexas « RiskREP: risk-based security requirements elicitation and prioritization », Perspectives in Business Informatics Research, in the 1st International Workshop on Alignment of Business Process and Security Modelling, pp.155-162, 2006.

A. Herzog, N. Shahmehri, and D. Duma, An Ontology of Information Security, International Journal of Information Security and Privacy, vol.1, issue.4, pp.1-23, 2007.
DOI : 10.4018/jisp.2007100101

A. Hevner and S. Chatterjee, Design Research in Information Systems: Theory and Practice, 2010.
DOI : 10.1007/978-1-4419-5653-8

I. Hogganvik and K. Stølen, A Graphical Approach to Risk Identification, Motivated by Empirical Investigations, Proceedings of the 9th international conference on Model Driven Engineering Languages and Systems, 574?88. MoDELS'06, 2006.
DOI : 10.1007/11880240_40

M. Horridge, H. Knublauch, A. Rector, R. Stevens, and C. Wroe, « A Practical Guide To Building OWL Ontologies Using The Protégé-OWL Plugin and CO-ODE Tools Edition 1, 2004.

E. Hull, Requirements Engineering, 2011.

. Iso-a, International Standard 15408-2, ISO/IEC « ISO/IEC: Information Technology - Security Techniques -Evaluation Criteria for IT Security -Part 2: Security Functional Requirements, 1999.

. Iso-b, Information technology --Security techniques --Management of information and communications technology security --Part 1: Concepts and models for information and communications technology security management, pp.13335-13336, 2004.

E. Ivankina, « An Approach to Guide Requirement Elicitation by Analysing the Causes and Consequences of Threats ». Information Modelling and Knowledge Bases XVI 121, p.13, 2005.

M. J. Jackson, Software Requirements & Specifications: A Lexicon of Practice, Principles, and Prejudices, 1995.

M. J. Jackson, Problem Frames: Analysing and Structuring Software Development Problems, 2001.

J. Jensen, I. A. Tøndel, and H. P. Meland, Experimental Threat Model Reuse with Misuse Case Diagrams, Information and Communications Security, 2010.
DOI : 10.1007/978-3-642-17650-0_25

J. Jürjens, Using UMLsec and goal trees for secure systems development, Proceedings of the 2002 ACM symposium on Applied computing , SAC '02, 2002.
DOI : 10.1145/508791.508990

J. Jürjens, Secure Systems Development with UML. Berlin, 2005.

J. Jürjens and P. Shabalin, Automated Verification of UMLsec Models for Security Requirements, UML 2004 ? The Unified Modeling Language, 2004.
DOI : 10.1007/978-3-540-30187-5_26

H. Kaiya and M. Saeki, Using Domain Ontology as Domain Knowledge for Requirements Elicitation, 14th IEEE International Requirements Engineering Conference (RE'06), pp.189-98, 2006.
DOI : 10.1109/RE.2006.72

M. Karyda, T. Balopoulos, S. Dritsas, L. Gymnopoulos, S. Kokolakis et al., An ontology for secure e-government applications, First International Conference on Availability, Reliability and Security (ARES'06), p.pp, 2006.
DOI : 10.1109/ARES.2006.28

B. A. Kitchenham, S. L. Pfleeger, L. M. Pickard, P. W. Jones, D. C. Hoaglin et al., Preliminary guidelines for empirical research in software engineering, Preliminary guidelines for empirical research in software engineering, pp.721-755, 2002.
DOI : 10.1109/TSE.2002.1027796

B. A. Kitchenham, D. Budgen, and O. P. Et-brereton, Using mapping studies as the basis for further research ??? A participant-observer case study, Information and Software Technology, vol.53, issue.6, pp.638-51, 2011.
DOI : 10.1016/j.infsof.2010.12.011

B. A. Kitchenham and S. Charters, Guidelines for performing Systematic Literature Reviews in Software Engineering, 2007.

G. Kotonya and I. Sommerville, Requirements Engineering: Processes and Techniques. Chichester, 1998.

T. M. Kusuma, . Introduction, . To, and . Engineering, Power point presentation, http://mkusuma.staff.gunadarma.ac, KBS-Review.pdf, 2015.

C. E. Landwehr, A. R. Bull, J. P. Mcdermott, and S. C. William, A taxonomy of computer program security flaws, ACM Computing Surveys, vol.26, issue.3, pp.211-254, 1994.
DOI : 10.1145/185403.185412

R. Lekhchine, « Construction d'une ontologie pour le domaine de la sécurité : application aux agents mobiles ». Doctoral dissertation, 2009.

T. C. Lethbridge, « Mixing Software Engineering Research and Development--What Needs Ethical Review and What Does Not?, Empirical Software Engineering, vol.6, issue.4, pp.319-340, 2001.
DOI : 10.1023/A:1011974632340

Y. Levy and T. J. Ellis, « A systems approach to conduct an effective literature review in support of information systems research, Informing Science: International Journal of an Emerging Transdiscipline, vol.9, issue.1, pp.181-212, 2006.

L. Lin, B. Nuseibeh, D. Ince, M. Jackson, J. Moffett et al., « Analysing security threats and vulnerabilities using abuse frames « Introducing abuse frames for analysing security requirements, the proceedings of the 11th IEEE International Requirements Engineering Conference (RE'03), pp.371-72, 2003.

L. Lin, B. Nuseibeh, D. Ince, and M. Jackson, Using abuse frames to bound the scope of security problems, the proceedings of the 12th IEEE International Requirements Engineering Conference, pp.354-355, 2004.

L. Liu, E. Yu, and J. Mylopoulos, Analyzing security requirements as relationships among strategic actors, Submitted to the Symposium on Requirements Engineering for Information Security (SREIS'02), 2002.

L. Liu, E. Yu, and J. Mylopoulos, Security and privacy requirements analysis within a social setting, Journal of Lightwave Technology, 2003.
DOI : 10.1109/ICRE.2003.1232746

T. Lodderstedt, D. Basin, and J. Doser, SecureUML: A UML-Based Modeling Language for Model-Driven Security, ?UML? 2002 ? The Unified Modeling Language 426?41. Lecture Notes in Computer Science 2460, 2002.
DOI : 10.1007/3-540-45800-X_33

R. Longeon and J. Archimbaud, Guide de la sécurité des systèmes d'information, 1999.

A. Maedche and S. Staab, Ontology learning for the Semantic Web, IEEE Intelligent Systems, vol.16, issue.2, pp.72-79, 2001.
DOI : 10.1109/5254.920602

N. Maiden, Integrated Software Reuse: Management and Techniques, 1993.

A. F. Martimiano and E. S. Moreira, « An owl-based security incident ontology, Proceedings of the Eighth International Protege Conference, pp.43-44, 2005.

F. Massacci, J. Mylopoulos, F. Paci, . Thein-thun-tun, and Y. Yu, An Extended Ontology for Security Requirements, Advanced Information Systems Engineering Workshops, 2011.
DOI : 10.1007/978-3-540-45248-5_7

F. Massacci, J. Mylopoulos, and N. Zannone, An Ontology for Secure Socio-Technical Systems. Handbook of ontologies for business interaction 1, p.469, 2007.

F. Massacci, M. Prest, and N. Zannone, Using a security requirements engineering methodology in practice: The compliance with the Italian data protection legislation, Computer Standards & Interfaces, vol.27, issue.5, 2004.
DOI : 10.1016/j.csi.2005.01.003

F. Massacci and N. Zannone, « Detecting Conflicts between Functional and Security Requirements with Secure Tropos: John Rusnak and the Allied Irish Bank ». Social modeling for requirements engineering, 2008.

N. Mayer, Model-Based Management of Information System Security Risk, 2012.
URL : https://hal.archives-ouvertes.fr/tel-00402996

N. Mayer, A. Rifaut, and E. Dubois, « Towards a risk-based security requirements engineering framework, Proceedings of the Workshop on Requirements Engineering for Software Quality REFSQ, 2005.

J. Mcdermott and C. Fox, Using abuse case models for security requirements analysis, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99), 1999.
DOI : 10.1109/CSAC.1999.816013

M. , N. Security-agency-/-central, . Security, and G. G. Fort, Common Criteria for Information Technology Security Evaluation: Department of Defense Public Key Infrastructure and Key Management Infrastructure Token Protection Profile, 2002.

N. R. Mead and T. Stehney, « Security quality requirements engineering (SQUARE) methodology », Proceedings of the 2005 workshop on Software engineering for secure system & building trustworthy applications, 1?7. SESS '05, 2005.

N. R. Mead, V. Viswanathan, D. Padmanabhan, and A. Raveendran, Incorporating Security Quality Requirements Engineering (SQUARE) into Standard Life-Cycle Models. Incorporating Security Quality Requirements Engineering (SQUARE) into Standard Life-Cycle Models, SQUARE) into Standard Life- Cycle Models, 2008.

N. R. Mead and E. D. Hough, Security Requirements Engineering for Software Systems: Case Studies in Support of Software Engineering Education, 19th Conference on Software Engineering Education & Training (CSEET'06), pp.149-58, 2006.
DOI : 10.1109/CSEET.2006.30

J. D. Meier, « Web application security engineering ». Security & Privacy, IEEE, vol.4, issue.4, pp.16-24, 2006.

D. Mellado, C. Blanco, L. E. Sánchez, and E. Fernández-medina, A systematic review of security requirements engineering, Computer Standards & Interfaces, vol.32, issue.4, pp.153-65, 2010.
DOI : 10.1016/j.csi.2010.01.006

D. Mellado, E. Fernandez-medina, M. Piattini, A. Meier, and . Sabelfeld, Applying a Security Requirements Engineering Process, Computer Security ? ESORICS 2006, 2006.
DOI : 10.1007/11863908_13

D. Mellado, E. Fernandez-medina, and M. Piattini, A common criteria based security requirements engineering process for the development of secure information systems, Computer Standards & Interfaces, vol.29, issue.2, pp.244-53, 2007.
DOI : 10.1016/j.csi.2006.04.002

D. Mellado, E. Fernandez-medina, and M. Piattini, Security Requirements Variability for Software Product Lines, 2008 Third International Conference on Availability, Reliability and Security, 2008.
DOI : 10.1109/ARES.2008.165

M. Metcalfe, « Metaphors for literature reviews (responses summary for ISWorld listserv email request), 2002.

G. A. Miller, WordNet: a lexical database for English, Communications of the ACM, vol.38, issue.11, pp.39-41, 1995.
DOI : 10.1145/219717.219748

R. Mohan and G. Arumugam, « Constructing Railway Ontology using Web Ontology Language and Semantic Web Rule Language, International Journal of Computer Technology and Applications, 2005.

D. Moody, « The Method Evaluation Model: A Theoretical Model for Validating Information Systems Design Methods, Proceedings of the 11 th European Conference on Information Systems, 2003.

A. Morali and R. Wieringa, Risk-based Confidentiality Requirements Specification for Outsourced IT Systems, 2010 18th IEEE International Requirements Engineering Conference, 2010.
DOI : 10.1109/RE.2010.30

A. Morali, E. Zambon, S. Etalle, and R. J. Wieringa, CRAC : Confidentiality risk analysis and IT-architecture comparison of business networks, Enschede: Universiteit Twente, 8 pp Mouratidis H. 2006. « Analysing Security Requirements of Information Systems using Tropos ». roceedings 1st Annual Conference on Advances in Computing and Technology (AC&T), pp.55-64, 2009.

H. Mouratidis and P. Giorgini, SECURE TROPOS: A SECURITY-ORIENTED EXTENSION OF THE TROPOS METHODOLOGY, International Journal of Software Engineering and Knowledge Engineering, vol.17, issue.02, pp.285-309, 2007.
DOI : 10.1142/S0218194007003240

H. Mouratidis, P. Giorgini, and G. Manson, Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems, Proceedings of the 15th Conference On Advanced Information Systems Engineering (CAiSE, 2003.
DOI : 10.1007/3-540-45017-3_7

H. Mouratidis, P. Giorgini, and G. Manson, An Ontology for Modelling Security: The Tropos Approach, Knowledge-Based Intelligent Information and Engineering Systems, 2003.
DOI : 10.1007/978-3-540-45224-9_187

H. Mouratidis, P. Giorgini, and G. Manson, When security meets software engineering: a case of modelling secure information systems, Information Systems, vol.30, issue.8, pp.609-638, 2005.
DOI : 10.1016/j.is.2004.06.002

H. Mouratidis, P. Giorgini, M. Schumacher, and G. Manson, « Security patterns for agent systems, Proceedings of the Eight European Conference on Pattern Languages of Programs (EuroPLoP), 2003.

H. Mouratidis, S. Islam, C. Kalloniatis, and S. Gritzalis, A framework to support selection of cloud providers based on security and privacy requirements, Journal of Systems and Software, vol.86, issue.9, pp.2276-93, 2013.
DOI : 10.1016/j.jss.2013.03.011

H. Mouratidis, M. Weiss, and P. Giorgini, MODELING SECURE SYSTEMS USING AN AGENT-ORIENTED APPROACH AND SECURITY PATTERNS, International Journal of Software Engineering and Knowledge Engineering, vol.16, issue.03, pp.471-98, 2006.
DOI : 10.1142/S0218194006002823

J. Mylopoulos, A. Borgida, M. Jarke, and M. Koubarakis, Telos: representing knowledge about information systems, ACM Transactions on Information Systems, vol.8, issue.4, pp.325-62, 1990.
DOI : 10.1145/102675.102676

S. Najar, K. Pinheiro, M. Souveyet, C. Steffenel, and L. A. , Service Discovery Mechanism for an Intentional Pervasive Information System, 2012 IEEE 19th International Conference on Web Services, p.2012, 2012.
DOI : 10.1109/ICWS.2012.84

URL : https://hal.archives-ouvertes.fr/hal-00740053

A. Newell, The knowledge level, Artificial Intelligence, vol.18, issue.1, pp.87-127, 1982.
DOI : 10.1016/0004-3702(82)90012-1

V. Nguyen, « Ontologies and information systems: a literature survey ». Defence Science and Technology Organisation, 2011.

O. Connor and M. J. Das, « SQWRL: A Query Language for OWL, » In OWLED, vol.529, 2009.

T. Okubo, H. Kaiya, and N. Yoshioka, Effective Security Impact Analysis with Patterns for Software Enhancement, 2011 Sixth International Conference on Availability, Reliability and Security, pp.527-561, 2011.
DOI : 10.1109/ARES.2011.79

M. and 2. Pae-magerit-v, Metodología de Análisis y Gestión de Riesgos de los Sistemas de Información

E. Paja, F. Dalpiaz, M. Poggianella, P. Roberti, and P. Giorgini, STS-Tool: Using Commitments to Specify Socio-Technical Security Requirements, Advances in Conceptual Modeling, 2012.
DOI : 10.1007/978-3-642-33999-8_48

M. Pavlidis, H. Mouratidis, C. Kalloniatis, I. Shareeful, and S. Gritzalis, Trustworthy Selection of Cloud Providers Based on Security and Privacy Requirements: Justifying Trust Assumptions, Trust, Privacy, and Security in Digital Business, 2013.
DOI : 10.1007/978-3-642-40343-9_16

J. Pearsall and H. Patrick, New Oxford Dictionary of English, 2001.

K. Peffers, T. Tuunanen, M. A. Rothenberger, and S. Chatterjee, A Design Science Research Methodology for Information Systems Research, Journal of Management Information Systems, vol.24, issue.3, pp.45-77, 2007.
DOI : 10.2753/MIS0742-1222240302

S. Pfleeger and . Lawrence, Experimental design and analysis in software engineering, Annals of Software Engineering, vol.2, issue.4, pp.219-53, 1995.
DOI : 10.1007/BF02249052

K. Pohl, Requirements Engineering: Fundamentals, Principles, and Techniques, 2010.
DOI : 10.1007/978-3-642-12578-2

C. Potts, « Fitness for use: the system quality that matters most, the proceedings of the Third International Workshop on Requirements Engineering: Foundations of Software Quality REFSQ, pp.15-28, 1997.

N. Prat, « Goal formalisation and classification for requirements engineering, Proceedings of Requirements Engineering: Foundation for Software Quality, 1997.

K. Rannenberg, « Recent Development in Information Technology Security Evaluation-The Need for Evaluation Criteria for Multilateral Security, Security and Control of Information Technology in Society, pp.113-141, 1993.

S. Robertson and R. J. , Mastering the Requirements Process Getting Requirements Right, 2013.

C. Robson, Real world research: a resource for users of social research methods in applied settings, 2011.

C. Rolland and C. Salinesi, Modeling Goals and Reasoning with Them, Engineering and Managing Software Requirements, pp.189-217, 2005.
DOI : 10.1007/3-540-28244-0_9

URL : https://hal.archives-ouvertes.fr/hal-00706380

C. Rolland, C. Souveyet, and C. Benachour, Guiding goal modeling using scenarios, IEEE Transactions on Software Engineering, vol.24, issue.12, pp.1055-71, 1998.
DOI : 10.1109/32.738339

URL : https://hal.archives-ouvertes.fr/hal-00673586

P. Runeson, M. Host, A. Rainer, and B. Regnell, Case Study Research in Software Engineering: Guidelines and Examples. 1 edition, 2012.
DOI : 10.1002/9781118181034

J. Rushby, « Security requirements specifications: How and what, Symposium on Requirements Engineering for Information Security (SREIS), 2001.

M. Saeki and H. Kaiya, Security Requirements Elicitation Using Method Weaving and Common Criteria, Models in Software Engineering, 2009.
DOI : 10.1007/11575801_34

C. Salinesi, E. Ivankina, and W. Angole, Using the RITA Threats Ontology to Guide Requirements Elicitation: an Empirical Experiment in the Banking Sector, 2008 First International Workshop on Managing Requirements Knowledge, pp.11-15, 2008.
DOI : 10.1109/MARK.2008.11

P. Salini and S. Kanmani, A Knowledge-oriented Approach to Security Requirements for an E-Voting System, International Journal of Computer Applications, vol.49, issue.11, pp.21-25
DOI : 10.5120/7671-0953

P. Salini and S. Kanmani, Survey and analysis on Security Requirements Engineering, Computers & Electrical Engineering, vol.38, issue.6, pp.1785-97, 2012.
DOI : 10.1016/j.compeleceng.2012.08.008

B. Schneier, « Beyond fear, 2008.

F. Semmak and C. Gnaho, Laleau R. s. d. « Extended Kaos to Support Variability for Goal Oriented Requirements Reuse, Proceedings of the international workshop on model driven information systems engineering: enterprise, user and system models, CEUR, pp.22-33

G. Sindre and A. L. Opdahl, « Eliciting security requirements by misuse cases, the 37th International Conference on Technology of Object-Oriented Languages and Systems, pp.120-151, 2000.

G. Sindre, D. G. Firesmith, and A. L. Opdahl, « A Reuse-Based Approach to Determining Security Requirements, Proceedings of the 9th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ'03), pp.16-17, 2003.

G. Sindre and A. L. Opdahl, « Capturing security requirements through misuse cases, 2001.

G. Sindre and A. L. Opdahl, « Templates for Misuse Case Description, Proceedings of the 7th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ'2001), pp.4-5, 2001.

G. Sindre and A. L. Opdahl, « Eliciting Security Requirements with Misuse Cases, pp.34-44, 2005.

A. Souag, « Towards a new generation of security requirements definition methodology using ontologies, 24th International Conference on Advanced Information Systems Engineering (CAiSE'12), pp.25-29, 2012.

A. Souag and C. Salinesi, Comyn-Wattiau I. 2012. « Ontologies for Security Requirements: A Literature Survey and Classification, Advanced Information Systems Engineering Workshops, pp.61-691007

S. Staab and A. Maedche, Axioms are Objects, too ? Ontology Engineering beyond the Modeling of Concepts and Relations, Proceedings of the ECAI 2000 Workshop on Ontologies and Problem -Solving Methods, 2000.

A. Susi, A. Perini, J. Mylopoulos, and P. Giorgini, « The tropos metamodel and its use, Informatica (Slovenia), vol.29, issue.4, pp.401-409, 2005.

O. Tettero, D. J. Out, H. M. Franken, and J. Schot, Information security embedded in the design of telematics systems, Computers & Security, vol.16, issue.2, pp.145-64, 1997.
DOI : 10.1016/S0167-4048(97)00003-5

I. A. Tondel, M. G. Jaatun, and M. P. , Security Requirements for the Rest of Us: A Survey, IEEE Software, vol.25, issue.1, pp.20-27, 2008.
DOI : 10.1109/MS.2008.19

A. Toninelli, A. Corradi, and R. Montanari, Semantic-based discovery to support mobile context-aware service access, Computer Communications, vol.31, issue.5, pp.935-984, 2008.
DOI : 10.1016/j.comcom.2007.12.026

A. Toval, J. Nicolás, B. Moros, and O. García, Requirements Reuse for Improving Information Systems Security: A Practitioner???s Approach, Requirements Engineering, vol.6, issue.4, pp.205-224, 2001.
DOI : 10.1007/PL00010360

B. Tsoumas and D. Gritzalis, Towards an Ontology-based Security Management, 20th International Conference on Advanced Information Networking and Applications, Volume 1 (AINA'06), pp.985-92, 2006.
DOI : 10.1109/AINA.2006.329

J. Undercoffer, A. Joshi, and J. Pinkston, Modeling Computer Attacks: An Ontology for Intrusion Detection, the 6th International Symposium on Recent Advances in Intrusion Detection, 2003.
DOI : 10.1007/978-3-540-45248-5_7

M. Uschold and M. Gruninger, Ontologies: principles, methods and applications, The Knowledge Engineering Review, vol.11, issue.02, pp.93-136, 1996.
DOI : 10.1017/S0269888900007797

A. Van-lamsweerde, Goal-oriented requirements engineering: a guided tour, Proceedings Fifth IEEE International Symposium on Requirements Engineering, pp.249-62, 2001.
DOI : 10.1109/ISRE.2001.948567

A. Van-lamsweerde, « Elaborating security requirements by construction of intentional antimodels, the proceedings of the 26th International Conference on Software Engineering, pp.148-57, 2004.

A. Van-lamsweerde, « From worlds to machines ». A Tribute to Michael Jackson, 2009.

J. L. Velasco, R. Valencia-garcia, J. T. Fernandez-breis, and A. Toval, « Modelling Reusable Security Requirements Based on an Ontology Framework, Journal of Research and Practice in Information Technology, vol.41, issue.2, p.119, 2009.

L. Viljanen, Towards an Ontology of Trust, Trust, Privacy, and Security in Digital Business, 2005.
DOI : 10.1007/11537878_18

V. Vogel, « Information Security Guide, 2013.

A. Vorobiev and J. Han, Security Attack Ontology for Web Services, 2006 Semantics, Knowledge and Grid, Second International Conference on, 2006.
DOI : 10.1109/SKG.2006.85

F. Vraalsen, F. Den-braber, M. S. Lund, and K. Stølen, The CORAS Tool for Security Risk Analysis, Trust Management, 2005.
DOI : 10.1007/11429760_30

X. H. Wang, D. Q. Zhang, T. Gu, and H. K. Pung, Ontology based context modeling and reasoning using OWL, Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops, pp.18-22, 2004.

S. Wenzel, D. Warzecha, and J. Jurjens, « Approach for adaptive security monitor generationapproach-for-adaptive-security- monitor-generation-securechange, 2012.

K. E. Wiegers, Software requirements, 2003.

R. Wieringa, N. Maiden, N. Mead, and C. Rolland, Requirements engineering paper classification and evaluation criteria: a proposal and a discussion, Requirements Engineering, vol.39, issue.4, pp.102-109, 2006.
DOI : 10.1007/s00766-005-0021-6

URL : https://hal.archives-ouvertes.fr/hal-00706337

Z. Wu and M. Palmer, Verbs semantics and lexical selection, Proceedings of the 32nd annual meeting on Association for Computational Linguistics -, 1994.
DOI : 10.3115/981732.981751

R. K. Yin, Case study research: Design and methods, 2014.

N. Yoshioka, H. Washizaki, and K. Maruyama, A survey on security patterns, Progress in Informatics, vol.5, issue.5, pp.35-47, 2008.
DOI : 10.2201/NiiPi.2008.5.5

E. Yu and L. Liu, Modelling Trust for System Design Using the i * Strategic Actors Framework, Trust in Cyber-societies, 2001.
DOI : 10.1007/3-540-45547-7_11

E. Yu and M. Strohmaier, Exploring Intentional Modeling and Analysis for Enterprise Architecture, 2006 10th IEEE International Enterprise Distributed Object Computing Conference Workshops (EDOCW'06), 2006.
DOI : 10.1109/EDOCW.2006.36

A. Zuccato, N. Daniels, and C. Jampathom, Service Security Requirement Profiles for Telecom: How Software Engineers May Tackle Security, 2011 Sixth International Conference on Availability, Reliability and Security, 2011.
DOI : 10.1109/ARES.2011.81