Model-based argument analysis for evolving security requirements

SSIRI 2010 - 4th IEEE International Conference on Secure Software Integration and Reliability Improvement

Volumn , Issue , 2010, Pages 88-97

  Tun, Thein Than ^a   Yu, Yijun ^a   Haley, Charles ^a   Nuseibeh, Bashar ^a,b  

^a OPEN UNIVERSITY   (United Kingdom)

^b University of Limerick   (Ireland)

Author keywords

Event calculus; Evolution; OpenPF; Requirements engineering; Security argumentation

Indexed keywords

AIR TRAFFIC CONTROL; CALCULATIONS; CRYPTOGRAPHY;

EVENT CALCULUS; EVOLUTION; META MODEL; METAMODELING; MODEL-BASED OPC; OPENPF; REQUIREMENT ENGINEERING; SECURITY ARGUMENTATIONS; SECURITY REQUIREMENTS; SOFTWARE-SYSTEMS;

REQUIREMENTS ENGINEERING;

EID: 77954833400     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SSIRI.2010.36     Document Type: Conference Paper

References (36)

1. M. Jackson, Problem Frames: Analyzing and structuring software development problems. Addison Wesley, 2001.
2. C. A. Gunter, E. L. Gunter, M. Jackson, and P. Zave, "A reference model for requirements and specifications," IEEE Softw., vol. 17, no. 3, pp. 37-43, 2000.
3. D. L. Parnas and J. Madey, "Functional documents for computer systems," Sci. Comput. Program., vol. 25, no. 1, pp. 41-61, 1995.
4. I. Jureta, J. Mylopoulos, and S. Faulkner, "Revisiting the core ontology and problem in requirements engineering," in RE '08: Proceedings of the 2008 16th IEEE International Requirements Engineering Conference. Washington, DC, USA: IEEE Computer Society, 2008, pp. 71-80.
5. M. Hartong, R. Goel, and D. Wijesekera, "Meta-models for misuse cases," in CSIIRW '09: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research. New York, NY, USA: ACM, 2009, pp. 1-4.
6. A. Susi, A. Perini, J. Mylopoulos, and P. Giorgini, "The tropos metamodel and its use," Informatica (Slovenia), vol. 29, no. 4, pp. 401-408, 2005.
7. A. van Lamsweerde, "Elaborating security requirements by construction of intentional anti-models," in ICSE '04: Proceedings of the 26th International Conference on Software Engineering. Washington, DC, USA: IEEE Computer Society, 2004, pp. 148-157.
8. G. Elahi, E. S. K. Yu, and N. Zannone, "A modeling ontology for integrating vulnerabilities into security requirements conceptual foundations," in ER, ser. Lecture Notes in Computer Science, A. H. F. Laender, S. Castano, U. Dayal, F. Casati, and J. P. M. de Oliveira, Eds., vol. 5829. Springer, 2009, pp. 99-114.
9. G. Beydoun, G. Low, H. Mouratidis, and B. Henderson- Sellers, "A security-aware metamodel for multi-agent systems (mas)," Inf. Softw. Technol., vol. 51, no. 5, pp. 832-845, 2009.
10. P. Savolainen, E. Niemela, and R. Savola, "A taxonomy of information security for service-centric systems," in EUROMICRO '07: Proceedings of the 33rd EUROMICRO Conference on Software Engineering and Advanced Applications. Washington, DC, USA: IEEE Computer Society, 2007, pp. 5-12.
11. S.-W. Lee, R. Gandhi, D. Muthurajan, D. Yavagal, and G.-J. Ahn, "Building problem domain ontology from security requirements in regulatory documents," in SESS '06: Proceedings of the 2006 international workshop on Software engineering for secure systems. New York, NY, USA: ACM, 2006, pp. 43-50.
12. P. Giorgini, F. Massacci, and N. Zannone, "Security and trust requirements engineering," in Foundations of Security Analysis and Design III, 2005, pp. 237- 272.
13. A. van Lamsweerde, "Elaborating security requirements by construction of intentional anti-models," in ICSE '04: Proceedings of the 26th International Conference on Software Engineering, Washington, DC, USA, 2004, pp. 148-157.
14. A. Nhlabatsi, B. Nuseibeh, and Y. Yu, "Security requirements engineering for evolving software systems: A survey," Journal of Secure Software Engineering, vol. 1, pp. 54-73, 2009.
15. P. Giorgini, J. Mylopoulos, E. Nicchiarelli, and R. Sebastiani, "Reasoning with goal models," in Conceptual Modeling ER 2002, 2003, pp. 167-181.
16. R. S. Arnold, "Software change impact analysis," Computer, 1996.
17. C. F. Kemerer and S. Slaughter, "An empirical approach to studying software evolution," IEEE Trans. Softw. Eng., vol. 25, pp. 493-509, 1999.
18. T. Eisenbarth, R. Koschke, and D. Simon, "Locating features in source code," IEEE Trans. Softw. Eng., vol. 29, pp. 210-224, 2003.
19. R. Conradi and B. Westfechtel, "Version models for software configuration management," ACM Comput. Surv., vol. 30, pp. 232-282, 1998.
20. Medvidovic, A. Quilici, D. S. Rosenblum, and A. L. Wolf, "An architecture- based approach to self-adaptive software," IEEE Intelligent Systems, vol. 14, pp. 54-62, 1999.
21. A. T. T. Ying, G. C. Murphy, R. Ng, and M. C. Chu-Carroll, "Predicting source code changes by mining change history," IEEE Trans. Softw. Eng., vol. 30, pp. 574-586, 2004.
22. A. Egyed, "Fixing inconsistencies in uml design models," in Proceedings of the 29th international conference on Software Engineering. IEEE Computer Society, 2007.
23. C. Jones, "Software change management," Computer, vol. 29, pp. 80-82, 1996.
24. P. Besnard and A. Hunter, "Argumentation based on classical logic," in Argumentation in Artificial Intelligence, 2009, pp. 133-152.
25. P. Besnard and A. Hunter, -, "Practical first-order argumentation," in Proceedings of the 20th national conference on Artificial intelligence - Volume 2 Pittsburgh, Pennsylvania: AAAI Press, 2005.
26. C. I. Chesnevar, A. G. Maguitman, and R. P. Loui, "Logical models of argument," ACM Comput. Surv., vol. 32, pp. 337-383, 2000.
27. G. Governatori, M. J. Maher, G. Antoniou, and D. Billington, "Argumentation semantics for defeasible logic," J Logic Computation, vol. 14, pp. 675-702, 2004.
28. I. Jureta, J. Mylopoulos, and S. Faulkner, "Analysis of multiparty agreement in requirements validation," in 17th IEEE International Requirements Engineering Conference (RE'09), Atlanta, GA, USA, 2009,, 2009, pp. 57-66.
29. I. Habli, W. Wu, K. Attwood, and T. Kelly, "Extending argumentation to goal-oriented requirements engineering," in Advances in Conceptual Modeling Foundations and Applications, 2007, pp. 306-316.
30. C. B. Haley, R. C. Laney, J. D. Moffett, and B. Nuseibeh, "Security requirements engineering: A framework for representation and analysis," IEEE Trans. Software Eng., vol. 34, pp. 133-153, 2008.
31. R. Kowalski and M. Sergot, "A logic-based calculus of events," New Gen. Comput., vol. 4, no. 1, pp. 67-95, 1986.
32. M. Shanahan, "The event calculus explained," Lecture Notes in Computer Science, vol. 1600, pp. 409-430, 1999.
33. R. Miller and M. Shanahan, "The event calculus in classical logic - alternative axiomatisations," Electronic Transactions on Articial Intellligence, vol. 3, pp. 77-105, 1999.
34. J. McCarthy, Formalization of common sense, papers by John McCarthy edited by V. Lifschitz. Ablex, 1990.
35. L. Lamport, "What good is temporal logic?" in IFIP Congress, 1983, pp. 657-668.
36. D. Peled and T. Wilke, "Stutter-invariant temporal properties are expressible without the next-time operator," Inf. Process. Lett., vol. 63, no. 5, pp. 243-246, 1997.