Abstract
Despite existing methodologies in the field, most requirements engineers are poorly trained to define security requirements, largely because they lack security knowledge. Several security ontologies have been proposed, but a gap still exists between the two fields of security requirements engineering and ontologies. This paper is a survey: it proposes an analysis and a typology of existing security ontologies and of their use for requirements definition.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
Cite this paper
Souag, A., Salinesi, C., Comyn-Wattiau, I. (2012). Ontologies for Security Requirements: A Literature Survey and Classification. In: Bajec, M., Eder, J. (eds) Advanced Information Systems Engineering Workshops. CAiSE 2012. Lecture Notes in Business Information Processing, vol 112. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31069-0_5
DOI: https://doi.org/10.1007/978-3-642-31069-0_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31068-3
Online ISBN: 978-3-642-31069-0
eBook Packages: Computer Science (R0)