Abstract
Security concerns for physical, software and virtual worlds have captured the attention of researchers and the general public, thanks to a series of dramatic events during the past decade. Unsurprisingly, this has resulted in increased research activity on topics that relate to security requirements. At the very core of this activity lies the problem of determining a suitable set of concepts (aka ontology) for modeling security requirements. Many proposals for such ontologies exist in the literature. The main objective of this paper is to amalgamate and extend the security ontologies proposed in [1] and [2]. The amalgamation includes a careful comparison of primitive concepts in Problem Frames and Secure Tropos, but also offers a novel account for rather nebulous security concepts, such as those of vulnerability and threat. The new concepts are justified and related to the literature. Moreover, the paper offers a number of security requirements adopted from industrial case studies, along with their respective representation in terms of the proposed ontology.
Keywords
- Global Navigation Satellite System
- Security Requirement
- Argumentation Framework
- Problem Frame
- Security Goal
References
Massacci, F., Mylopoulos, J., Zannone, N.: Computer-aided support for secure tropos. Automated Software Engg. 14(3), 341–364 (2007)
Haley, C.B., Laney, R.C., Moffett, J.D., Nuseibeh, B.: Security requirements engineering: A framework for representation and analysis. IEEE Trans. Software Eng. 34(1), 133–153 (2008)
Gruber, T.R.: Toward principles for the design of ontologies used for knowledge sharing. Int. J. Hum.-Comput. Stud. 43(5-6), 907–928 (1995)
Blanco, C., Lasheras, J., Valencia-García, R., Fernández-Medina, E., Toval, A., Piattini, M.: A systematic review and comparison of security ontologies. In: ARES 2008: Proceedings of the 2008 Third International Conference on Availability, Reliability and Security, pp. 813–820. IEEE Computer Society Press, Washington, DC, USA (2008)
Zannone, N.: A requirements engineering methodology for trust, security, and privacy (2006)
Jackson, M.: Problem frames: analyzing and structuring software development problems. Addison-Wesley Longman Publishing Co., Inc., Boston (2001)
Secure change project
Bresciani, P., Perini, A., Giorgini, P., Giunchiglia, F., Mylopoulos, J.: Tropos: An agent-oriented software development methodology. Autonomous Agents and Multi-Agent Systems 8, 203–236 (2004)
Yu, E.S.K.: Modelling strategic relationships for process reengineering. PhD thesis, University of Toronto, Toronto, Ont., Canada. Adviser: Mylopoulos, J. (1995)
Liu, L., Yu, E.S.K., Mylopoulos, J.: Security and privacy requirements analysis within a social setting. In: [27], pp. 151–161 (2003)
Lin, L., Nuseibeh, B., Ince, D.C., Jackson, M., Moffett, J.D.: Introducing abuse frames for analysing security requirements. In: [27], pp. 371–372 (2003)
van Lamsweerde, A.: Elaborating security requirements by construction of intentional anti-models. In: ICSE, pp. 148–157. IEEE Computer Society, Los Alamitos (2004)
Nuseibeh, B., Haley, C.B., Foster, C.: Securing the skies: In requirements we trust. IEEE Computer 42(9), 64–72 (2009)
Hall, J.G., Rapanotti, L., Jackson, M.: Problem frame semantics for software development. Software and System Modeling 4(2), 189–198 (2005)
Laney, R.C., Tun, T.T., Jackson, M., Nuseibeh, B.: Composing features by managing inconsistent requirements. In: du Bousquet, L., Richier, J.L. (eds.) ICFI, pp. 129–144. IOS Press, Amsterdam (2007)
Gangemi, A., Guarino, N., Masolo, C., Oltramari, A., Schneider, L.: Sweetening ontologies with DOLCE. Knowledge Engineering and Knowledge Management: Ontologies and the Semantic Web, 223–233 (2002)
Gangemi, A., Presutti, V.: Ontology Design Patterns. In: Handbook of Ontologies, 2nd edn. Springer, Berlin (in press)
Cordy, J.R.: TXL - a language for programming language tools and applications. Electron. Notes Theor. Comput. Sci. 110, 3–31 (2004)
Blanco, C., Lasheras, J., Garcia, R.V., Fernandez-Medina, E.: A systematic review and comparison of security ontologies (2008)
Denker, G., Kagal, L., Finin, T., Sycara, K., Paolucci, M.: Security for DAML web services: Annotation and matchmaking. In: Second International Semantic Web Conference (2003)
Dobson, G., Sawyer, P.: Revisiting ontology-based requirements engineering in the age of semantic web. International Seminar on Dependable Requirements Engineering of computerised Systems at NPPs (2006)
Fenz, S., Weippl, E.: Ontology based IT-security planning. In: Twelfth Pacific Rim International Symposium on Dependable Computing (2006)
Firesmith, D.: Engineering safety related requirements for software intensive systems. In: 27th International Conference on Software Engineering (2005)
Karyda, M., Balopoulos, T., Gymnopoulos, L., Kokolakis, S., Lambrinoudakis, C., Gritzalis, S., Dritsas, S.: An ontology for secure e-government applications. In: International Conference on Availability, Reliability and Security (2006)
Kim, A., Luo, J., Kang, M.: Security ontology for annotating resources. In: 4th International Conference on Ontologies, Databases, and Applications of Semantics (2005)
Undercoffer, J., Joshi, A., Pinkston, J.: Modeling computer attacks: An ontology for intrusion detection. In: 6th International Symposium on Recent Advances in Intrusion Detection, pp. 113–135. Springer, Heidelberg (2003)
RE 2003: 11th IEEE International Conference on Requirements Engineering, September 8-12. IEEE Computer Society, Los Alamitos (2003)
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Massacci, F., Mylopoulos, J., Paci, F., Tun, T.T., Yu, Y. (2011). An Extended Ontology for Security Requirements. In: Salinesi, C., Pastor, O. (eds) Advanced Information Systems Engineering Workshops. CAiSE 2011. Lecture Notes in Business Information Processing, vol 83. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22056-2_64
DOI: https://doi.org/10.1007/978-3-642-22056-2_64
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22055-5
Online ISBN: 978-3-642-22056-2
eBook Packages: Computer Science, Computer Science (R0)