An ontology-based framework for modelling security requirements

Security in Information Systems - Proceedings of the 6th International Workshop on Security in Information Systems, WOSIS 2008; In Conjunction with ICEIS 2008

Volumn , Issue , 2008, Pages 78-88

  Lasheras, Joaquín ^a   Valencia García, Rafael ^a   Fernández Breis, Jesualdo Tomás ^a   Toval, Ambrosio ^a  

^a UNIVERSITY OF MURCIA   (Spain)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER SOFTWARE REUSABILITY; FORMAL METHODS; INDUSTRIAL MANAGEMENT; INFORMATION SYSTEMS; INFORMATION THEORY; REQUIREMENTS ENGINEERING; RISK ANALYSIS; RISK ASSESSMENT; SAFETY FACTOR; SEMANTIC WEB; SEMANTICS; STANDARDIZATION; TECHNICAL PRESENTATIONS;

IS DEVELOPMENTS; QUALITY OF SOFTWARES; REQUIREMENTS ANALYSIS; SECURITY REQUIREMENTS; SEMANTIC PROCESSING; SEMANTIC WEB TECHNOLOGIES;

ONTOLOGY;

EID: 58049148060     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (28)

1. Smith, S.W.Spafford, E.H., Grand Challenges in Information Security: Process and Output. IEEE Security & Privacy, 2(1): (2004). p. 69-71.
2. Devanbu, P.Stubblebine, S., Software engineering for security: a roadmap. ACM Press. Future of Software Engineering: (2000). p. 227-239.
3. Jürjens, J., Secure Systems Development with UML: Springer (2005).
4. Cheng, B.Atlee, M. Research Directions in Requirements Engineering, in Future of Software Engineering 2007 (FOSE 2007) Minneapolis, Minnesota (2007).
5. ISO27002, ISO/IEC 17799-27002 Code of Practice for Information Security Managament. (2005).
6. Rothenberger, M.A., Dooley, K.J., Kulkarni, U.R., Nada, N., Strategies for Software Reuse: A Principal Component Analysis of Reuse Practices. IEEE Trans. on Soft. Eng., 29(9): (2003). p. 825-837.
7. Sommerville, I., Software Engineering (7th edition): Pearson Education Limited (2004).
8. Firesmith, D., Specifying Reusable Security Requirements. Journal of Object Technology, 3(1): (2004). p. 61-75.
9. Berners-Lee, T., Hendler, J., Lassila, O., The Semantic Web, in Scientific American.(2001): http://www.scientificamerican.com.
10. Brewster, C.O'Hara, K., Knowledge Representation with Ontologies: The Present and Future. IEEE Intelligent Systems, 19:1: (2004). p. 72-73.
11. Gruber, T., Towards Principles for the Design of Ontologies used for Knowledge Sharing. International Journal of Human-Computer Studies, 43(5/6): (1995). p. 907-928.
12. Raskin, V., Hempelmann, C.F., Triezenberg, K.E., Nirenburg, S. Ontology in Information Security: A Useful Theoretical Foundation and Methodological Tool, in New Paradigms Security Workshop NSPW'01. ACM Press Clouford, New Mexico, USA (2001).
13. Tsoumas, B.Gritzalis, D., Towards an Ontology-based Security Management. Proceedings of the 20th International Conference on Advanced Information Networking and Applications (AINA'06). IEEE Computer Society, 1 : (2006).
14. Mouratidis, H.Giorgini, P., Integrating Security and Software Engineering: Advances and Future Visions: Idea Group Publishing (2007a).
15. Toval, A., Olmos, A., Piattini, M. Legal Requirements Reuse: A Critical Success Factor for Requirements Quality and Personal Data Protection, in IEEE Joint International Conference on Requirements Engineering (ICRE'02 and RE'02). Essen, Alemania (2002b).
16. MAGERIT, Methodology for Information Systems Risk Analysis and Management: http://www.csi.map.es/csi/pg5m20.htm. (2006)
17. ISO15408, ISO/IEC 15408 (Common Criteria v3.0) "Information Technology Security Techniques-Evaluation Criteria for IT Security ".(2005).
18. Toval, A., Nicolás, J., Moros, B., García, F., Requirements Reuse for Improving Information Systems Security: A Practicioner's Approach. Requirements Engineering Journal.Springer,6(4): (2002a).p.205-219.
19. IEEE, Std 830-1998 Guide to Software Requirements Specifications in Volume 4: Resource and Technique Standards. The Institute of Electrical and Electronics Engineers, Inc. IEEE Software Engineering Standards Collection.(1999).
20. IEEE, Std 1233-1998 Guide for Developing System Requirements Specifications, in Volume 1: Customer and Terminology Standards. The Institute of Electrical and Electronics Engineers, Inc. IEEE Software Engineering Standards Collection(1999).
21. Martínez, M.A., Lasheras, J., Toval, A., Piattini, M. An Audit Method of Personal Data Based on Requirements Engineering, in The 4th International Workshop on Security In Information Systems (WOSIS-2006). Paphos, Chipre (2006).
22. Lozano-Tello, A.Gómez-Pérez, A., ONTOMETRIC: A Method to Choose the Appropriate Ontology. Journal of Database Management. Special Issue on Ontological analysis, Evaluation, and Engineering of Business Systems Analysis Methods, 15(2): (2004).
23. Blanco, C., Lasheras, J., Valencia-García, R., Fernández-Media, E., Toval, A., Piattini, M. A Systematic Review and Comparison of Security Ontologies, in International Workshop on Frontiers in Availability, Reliability and Security (FARES) in conjunction with ARES. Barcelona (2007).
24. Dobson, G.Sawyer, P., Revisiting Ontology-Based Requirements Engineering in the age of the Semantic Web. International Seminar on "Dependable Requirements Engineering of Computerised Systems at NPPs", Institute for Energy Technology (IFE), Halden: (2006).
25. Mouratidis, H., Giorgini, P., Manson, G., An Ontology for Modelling Security: The Tropos Approach, in Knowledge-Based Intelligent Information and Engineering Systems. Springer Berlin/ Heidelberg. (2003) p. 1387-1394.
26. Kim, A., Luo, J., Kang, M. Security Ontology for Annotating Resources in 4th International Conference on Ontologies, Databases, and Applications of Semantics (ODBASE'05). Agia Napa, Cyprus (2005).
27. Fenz, S.Weippl, E.Ontology based IT-security planning. Proceedings of 12th Pacific Rim International Symposium on Dependable Computing PRDC '06. IEEE Computer Society: (2006). p. 389-390.
28. Lee, S.W., Gandhi. R.A., Ontology-based Active Requirements Engineering Framework. APSEC (2005).