Title :
Pattern-based security requirements specification using ontologies and boilerplates
Author :
Daramola, Olawande ; Sindre, Guttorm ; Stalhane, Tor
Author_Institution :
Dept. of Comput. & Inf. Sci., Norwegian Univ. of Sci. & Technol., Trondheim, Norway
Abstract :
The task of specifying and managing security requirements (SR) is a challenging one. SR are often neglected or considered too late - leading to poor design and cost overruns. Also, there is scarce expertise in managing SR, because most requirements engineering teams do not include security experts, which leads to a prevalence of too vague or overly specific SR. In this work, we present an ontology-based approach that uses predefined pattern-based templates - requirements boilerplates - to aid requirements engineers in the formulation of SR. We realized the approach via a prototype tool that enables the formulation of SR from textual misuse case (TMUC) descriptions of security threat scenarios. The results from a preliminary evaluation suggest the viability of the proposed approach, in that the tool was judged as easy to use, supports reuse, and facilitates the formulation of good quality SR.
Keywords :
expert systems; formal specification; ontologies (artificial intelligence); security of data; software prototyping; TMUC descriptions; ontology-based approach; pattern-based security requirements specification; pattern-based templates; prototype tool; requirements boilerplates; requirements engineering teams; security experts; security threat scenarios; textual misuse case descriptions; Cognition; Computers; Missiles; Ontologies; Security; Semantics; Software; boilerplates; ontology; pattern-based reuse; requirements specification; security requirements;
Conference_Title :
Requirements Patterns (RePa), 2012 IEEE Second International Workshop on
Conference_Location :
Chicago, IL
Print_ISBN :
978-1-4673-4374-9
Electronic_ISBN :
978-1-4673-4375-6
DOI :
10.1109/RePa.2012.6359973