|
 
|
[SSC13a] Using Security and Domain ontologies for Security Requirements Analysis
Atelier, Poster ou Démonstration dans une Conférence Internationale : The 8th IEEE International Workshop on Security, Trust and Privacy for Software Applications in conjunction with COMPSAC, the IEEE Signature Conference on Computers, Software & Application., July 2013, pp.1-7, Kyoto, Japan,
motcle:
Résumé:
Recent research has argued about the importance of considering security during Requirements Engineering (RE) stage. Literature also emphasizes the importance of using ontologies to facilitate requirements elicitation. Ontologies are known to be rich sources of knowledge, and, being structured and equipped with reasoning features, they form a powerful tool to handle requirements. We believe that security being a multi-faceted problem, a single security ontology is not enough to guide SR Engineering (SRE) efficiently. Indeed, security ontologies only focus on technical and domain independent aspects of security. Therefore, one can hypothesize that domain knowledge is needed too. Our question is "how to combine the use of security ontologies and domain ontologies to guide requirements elicitation efficiently and effectively?" We propose a method that exploits both types of ontologies dynamically through a collection of heuristic production rules. We demonstrate that the combined use of security ontologies with domain ontologies to guide SR elicitation is more effective than just relying on security ontologies. This paper presents our method and reports a preliminary evaluation conducted through critical analysis by experts. The evaluation shows that the method provides a good balance between the genericity with respect to the ontologies (which do not need to be selected in advance), and the specificity of the elicited requirements with respect to the domain at hand.
Equipe:
isid
Collaboration:
CRI
BibTeX
| @inproceedings { | |||
| SSC13a, | |||
| title | = | "{Using Security and Domain ontologies for Security Requirements Analysis}", | |
| author | = | " A. Souag and C. Salinesi and I. Comyn-Wattiau and H. Mouratidis ", | |
| booktitle | = | "{The 8th IEEE International Workshop on Security, Trust and Privacy for Software Applications in conjunction with COMPSAC, the IEEE Signature Conference on Computers, Software & Application.}", | |
| year | = | 2013, | |
| month | = | "July", | |
| pages | = | "1-7", | |
| address | = | "Kyoto, Japan", | |
| } | |||
