A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities

  • Special Issue - Security Requirements Engineering
  • Journal: Requirements Engineering

Abstract

Many security breaches occur through the exploitation of vulnerabilities within the system. Vulnerabilities are weaknesses in the requirements, design, and implementation that attackers exploit to compromise the system. This paper proposes a methodological framework for security requirements elicitation and analysis centered on vulnerabilities. The framework offers modeling and analysis facilities to assist system designers in analyzing vulnerabilities and their effects on the system; identifying potential attackers and analyzing how they might compromise the system; and identifying and analyzing the countermeasures that protect the system. The framework also proposes a qualitative goal model evaluation analysis for assessing the risk of vulnerability exploitation and the impact of countermeasures on that risk.

Notes

  1. http://www.cert.org/advisories/CA-2000-04.html.

  2. The highlighted color in the models does not bear any semantic significance and is only intended to highlight the countermeasures in the figures.

  3. In security requirements literature, two different frameworks developed by different researchers are called Secure Tropos [25, 42].

References

  1. Anderson R (2001) Security engineering: a guide to building dependable distributed systems. Wiley, London

  2. IBM Global Technology Services (2008) IBM internet security systems X-force 2007 trend statistics

  3. National Vulnerability Database. http://www.nvd.nist.gov/

  4. SANS. http://www.sans.org/

  5. Common Weakness Enumeration. http://www.cwe.mitre.org/

  6. Common Vulnerability Scoring System. http://www.first.org/cvss/

  7. Jürjens J (2004) Secure systems development with UML. Springer, Berlin

  8. Liu L, Yu E, Mylopoulos J (2003) Security and privacy requirements analysis within a social setting. In: Proceedings of the 11th IEEE international conference on requirements engineering. IEEE Computer Society, pp 151–161

  9. Giorgini P, Massacci F, Mylopoulos J, Zannone N (2006) Requirements engineering for trust management: model, methodology, and reasoning. Int J Inf Secur 5(4):257–274

  10. Schneier B (1999) Attack trees. Dr. Dobb’s J 24(12):21–29

  11. Sindre G, Opdahl AL (2005) Eliciting security requirements with misuse cases. Requir Eng 10(1):34–44

  12. van Lamsweerde A (2004) Elaborating security requirements by construction of intentional anti-models. In: Proceedings of the 26th international conference on software engineering. IEEE Computer Society, pp 148–157

  13. Asnar Y, Moretti R, Sebastianis M, Zannone N (2008) Risk as dependability metrics for the evaluation of business solutions: a model-driven approach. In: Proceedings of the 3rd international conference on availability, reliability and security. IEEE Computer Society, pp 1240–1248

  14. Matulevicius R, Mayer N, Mouratidis H, Dubois E, Heymans P, Genon N (2008) Adapting secure tropos for security risk management in the early phases of information systems development. In: Proceedings of the 20th international conference on advanced information systems engineering, LNCS 5074. Springer, pp 541–555

  15. Braber F, Hogganvik I, Lund MS, Stolen K, Vraalsen F (2007) Model-based security analysis in seven steps—a guided tour to the CORAS method. BT Technol J 25(1):101–117

  16. den Braber F, Dimitrakos T, Gran BA, Lund MS, Stolen K, Aagedal JO (2003) The CORAS methodology: model-based risk assessment using UML and UP. In: UML and the unified process. IGI Publishing, Hershey, PA, pp 332–357

  17. Elahi G, Yu E (2007) A goal oriented approach for modeling and analyzing security trade-offs. In: Proceedings of 26th international conference on conceptual modeling, LNCS 4801. Springer, pp 375–390

  18. ISO/IEC (2004) Management of information and communication technology security—part 1: concepts and models for information and communication technology security management. ISO/IEC 13335

  19. Kissel ER (2005) Glossary of key information security terms. NIST IR 7298

  20. Schneider FB (ed) (1998) Trust in cyberspace. National Academy Press, Washington

  21. Schneier B (2003) Beyond fear. Springer, Berlin

  22. McDermott JP (2000) Attack net penetration testing. In: Proceedings of the 2000 workshop on new security paradigms. ACM, pp 15–21

  23. Phillips C, Swiler LP (1998) A graph-based system for network-vulnerability analysis. In: Proceedings of the 1998 workshop on new security paradigms. ACM, pp 71–79

  24. Avizienis A, Laprie J-C, Randell B, Landwehr CE (2004) Basic concepts and taxonomy of dependable and secure computing. IEEE Trans Dependable Secur Comput 1(1):11–33

  25. Massacci F, Mylopoulos J, Zannone N (2008) An ontology for secure socio-technical systems. In: Handbook of ontologies for business interaction, Chap. XI. The IDEA Group

  26. Schneier B (2007) The psychology of security. Commun ACM 50(5):128

  27. Massacci F, Prest M, Zannone N (2005) Using a security requirements engineering methodology in practice: the compliance with the Italian data protection legislation. Comp Stand Interf 27(5):445–455

  28. Yu ESK (1995) Modeling strategic relationships for process reengineering. PhD thesis, University of Toronto

  29. Sindre G, Opdahl AL (2007) Capturing dependability threats in conceptual modelling. In: Conceptual modelling in information systems engineering. Springer, pp 247–260

  30. Yu ESK (1997) Towards modeling and reasoning support for early-phase requirements engineering. In: Proceedings of the 3rd IEEE international conference on requirements engineering. IEEE Computer Society, pp 226–235

  31. Chung L, Nixon BA, Yu E, Mylopoulos J (eds) (2000) Non-functional requirements in software engineering. Kluwer, Dordrecht

  32. Horkoff J (2006) Using i* models for evaluation. Master’s thesis, University of Toronto

  33. Vesely WE, Goldberg FF, Roberts N, Haasl DF (1981) Fault tree handbook. Technical Report NUREG-0492, U.S. Nuclear Regulatory Commission

  34. Hoglund G, McGraw G (2004) Exploiting software: how to break code. Addison-Wesley Professional, Reading

  35. Whittaker JA, Thompson HH (2003) How to break software security: effective techniques for security testing. Pearson

  36. Schumacher M, Fernandez-Buglioni E, Hybertson D, Buschmann F, Sommerlad P (2006) Security patterns: integrating security and systems engineering. Wiley, London

  37. Dardenne A, van Lamsweerde A, Fickas S (1993) Goal-directed requirements acquisition. Sci Comput Program 20:3–50

  38. van Lamsweerde A, Letier E (2000) Handling obstacles in goal-oriented requirements engineering. IEEE Trans Softw Eng 26(10):978–1005

  39. Bresciani P, Giorgini P, Giunchiglia F, Mylopoulos J, Perini A (2004) TROPOS: an agent-oriented software development methodology. J Auton Agents Multi-Agent Syst 8(3):203–236

  40. Compagna L, Khoury PE, Krausová A, Massacci F, Zannone N (2009) How to integrate legal requirements into a requirements engineering methodology for the development of security and privacy patterns. Artif Intell Law 17(1):1–30

  41. Massacci F, Zannone N (2008) A model-driven approach for the specification and analysis of access control policies. In: Proceedings of the OTM 2008 confederated international conferences, LNCS 5332. Springer, pp 1087–1103

  42. Mouratidis H, Giorgini P (2007) Secure tropos: a security-oriented extension of the tropos methodology. Int J Softw Eng Knowl Eng 17(2):285–309

  43. Asnar Y, Giorgini P (2006) Modelling risk and identifying countermeasure in organizations. In: Proceedings of the 1st international workshop on critical information infrastructures security, LNCS 4347. Springer, pp 55–66

  44. Mayer N, Rifaut A, Dubois E (2005) Towards a risk-based security requirements engineering framework. In: Proceedings of the 11th workshop on requirements engineering for software quality

  45. Mayer N, Heymans P, Matulevicius R (2007) Design of a modelling language for information system security risk management. In: Proceedings of the 1st international conference on research challenges in information science, pp 121–132

  46. Mayer N, Dubois E, Matulevicius R, Heymans P (2008) Towards a measurement framework for security risk management. In: Proceedings of modeling security workshop, 2008

  47. Haley C, Laney R, Moffett J, Nuseibeh B (2008) Security requirements engineering: a framework for representation and analysis. IEEE Trans Softw Eng 34(1):133–153

  48. McDermott J, Fox C (1999) Using abuse case models for security requirements analysis. In: Proceedings of the 15th annual computer security applications conference. IEEE Computer Society, pp 55–66

  49. Rostad L (2006) An extended misuse case notation: including vulnerabilities and the insider threat. In: Proceedings of the 12th working conference on requirements engineering: foundation for software quality

  50. Jürjens J (2008) Model-based security testing using UMLsec: a case study. Electron Notes Theoretical Comput Sci 220(1):93–104

  51. Jürjens J, Schreck J, Yu Y (2008) Automated analysis of permission-based security using UMLsec. In: Proceedings of 11th international conference on fundamental approaches to software engineering, LNCS 4961. Springer, pp 292–295

Acknowledgments

Financial support from Natural Science and Engineering Research Council of Canada and Bell University Labs is gratefully acknowledged.

Author information

Correspondence to Golnaz Elahi.

About this article

Cite this article

Elahi, G., Yu, E. & Zannone, N. A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities. Requirements Eng 15, 41–62 (2010). https://doi.org/10.1007/s00766-009-0090-z

  • DOI: https://doi.org/10.1007/s00766-009-0090-z