2014 IEEE 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE): Latest Papers

Pattern-based and ISO 27001 compliant risk analysis for cloud systems
A. Alebrahim, Denis Hatebur, Ludger Goeke
For accepting clouds and using cloud services by companies, security plays a decisive role. For cloud providers, one way to obtain customers' confidence is to establish security mechanisms when using clouds. The ISO 27001 standard provides general concepts for establishing information security in an organization. Risk analysis is an essential part in the ISO 27001 standard for achieving information security. This standard, however, contains ambiguous descriptions. In addition, it does not stipulate any method to identify assets, threats, and vulnerabilities. In this paper, we present a structured and pattern-based method to conduct risk analysis for cloud computing systems. It is tailored to SMEs. Our method addresses the requirements of the ISO 27001. We make use of the cloud system analysis pattern, security requirement patterns, threat patterns, and control patterns for conducting the risk analysis. The method is illustrated by a cloud logistics application example.
DOI: 10.1109/ESPRE.2014.6890527 (https://doi.org/10.1109/ESPRE.2014.6890527); published 2014-09-08
Citations: 6
Supporting evolving security models for an agile security evaluation
Wolfgang Raschke, Massimiliano Zilli, Philip Baumgartner, Johannes Loinig, C. Steger, Christian Kreiner
At present, security-related engineering usually requires a big up-front design (BUFD) regarding security requirements and security design. In addition to the BUFD, at the end of the development, a security evaluation process can take up to several months. In today's volatile markets customers want to influence the software design during the development process. Agile processes have proven to support these demands. Nevertheless, there is a clash with traditional security design and evaluation processes. In this paper, we propose an agile security evaluation method for the Common Criteria standard. This method is complemented by an implementation of a change detection analysis for model-based security requirements. This system facilitates the agile security evaluation process to a high degree.
DOI: 10.1109/ESPRE.2014.6890525 (https://doi.org/10.1109/ESPRE.2014.6890525); published 2014-09-08
Citations: 11
Towards a framework to measure security expertise in requirements analysis
Hanan Hibshi, T. Breaux, M. Riaz, L. Williams
Research shows that commonly accepted security requirements are not generally applied in practice. Instead of relying on requirements checklists, security experts rely on their expertise and background knowledge to identify security vulnerabilities. To understand the gap between available checklists and practice, we conducted a series of interviews to encode the decision-making process of security experts and novices during security requirements analysis. Participants were asked to analyze two types of artifacts: source code, and network diagrams for vulnerabilities and to apply a requirements checklist to mitigate some of those vulnerabilities. We framed our study using Situation Awareness, a cognitive theory from psychology, to elicit responses that we later analyzed using coding theory and grounded analysis. We report our preliminary results of analyzing two interviews that reveal possible decision-making patterns that could characterize how analysts perceive, comprehend and project future threats which leads them to decide upon requirements and their specifications, in addition to how experts use assumptions to overcome ambiguity in specifications. Our goal is to build a model that researchers can use to evaluate their security requirements methods against how experts transition through different situation awareness levels in their decision-making process.
DOI: 10.1109/ESPRE.2014.6890522 (https://doi.org/10.1109/ESPRE.2014.6890522); published 2014-09-08
Citations: 7
L-SQUARE: Preliminary extension of the SQUARE methodology to address legal compliance
Aaron Alva, Lisa R. Young
Laws and regulations must be considered in the requirements engineering process to help ensure legal compliance when developing software or engineering systems. To incorporate legal compliance considerations into the requirements engineering process, we introduce a preliminary extension of the SQUARE methodology, called L-SQUARE. In this paper, we develop L-SQUARE by discussing legal compliance concerns at each of the traditional nine steps in SQUARE. Then, we link existing research in requirements engineering and the law to each step, emphasizing where compliance concerns can be addressed. This preliminary extension of SQUARE sets existing research into an established methodology for requirements engineering, creating a framework for situating current research in legal compliance, and identifying gaps for future work.
DOI: 10.1109/ESPRE.2014.6890524 (https://doi.org/10.1109/ESPRE.2014.6890524); published 2014-09-08
Citations: 2
Argumentation-based security requirements elicitation: The next round
D. Ionita, Jan-Willem Bullee, R. Wieringa
Information Security Risk Assessment can be viewed as part of requirements engineering because it is used to translate security goals into security requirements, where security requirements are the desired system properties that mitigate threats to security goals. To improve the defensibility of these mitigations, several researchers have attempted to base risk assessment on argumentation structures. However, none of these approaches have so far been scalable or usable in real-world risk assessments. In this paper, we present the results from our search for a scalable argumentation-based information security RA method. We start from previous work on both formal argumentation frameworks and informal argument structuring and try to find a promising middle ground. An initial prototype using spreadsheets is validated and iteratively improved via several Case Studies. Challenges such as scalability, quantify-ability, ease of use, and relation to existing work in parallel fields are discussed. Finally, we explore the scope and applicability of our approach with regard to various classes of Information Systems while also drawing more general conclusions on the role of argumentation in security.
DOI: 10.1109/ESPRE.2014.6890521 (https://doi.org/10.1109/ESPRE.2014.6890521); published 2014-08-25
Citations: 16
Using malware analysis to improve security requirements on future systems
Nancy R. Mead, J. Morales
In this position paper, we propose to enhance current software development lifecycle models by including use cases, based on previous cyberattacks and their associated malware, and to propose an open research question: Are specific types of systems prone to specific classes of malware exploits? If this is the case, developers can create future systems that are more secure, from inception, by including use cases that address previous attacks.
DOI: 10.1109/ESPRE.2014.6890526 (https://doi.org/10.1109/ESPRE.2014.6890526); published 2014-08-01
Citations: 3
Engineering privacy requirements valuable lessons from another realm
Y. Martín, J. D. Álamo, J. Yelmo
The Privacy by Design approach to systems engineering introduces privacy requirements in the early stages of development, instead of patching up a built system afterwards. However, 'vague', 'disconnected from technology', or 'aspirational' are some terms employed nowadays to refer to the privacy principles which must lead the development process. Although privacy has become a first-class citizen in the realm of non-functional requirements and some methodological frameworks help developers by providing design guidance, software engineers often miss a solid reference detailing which specific, technical requirements they must abide by, and a systematic methodology to follow. In this position paper, we look into a domain that has already successfully tackled these problems, web accessibility, and propose translating their findings into the realm of privacy requirements engineering, analyzing as well the gaps not yet covered by current privacy initiatives.
DOI: 10.1109/ESPRE.2014.6890523 (https://doi.org/10.1109/ESPRE.2014.6890523); published 2014-08-01
Citations: 18
Semiautomatic security requirements engineering and evolution using decision documentation, heuristics, and user monitoring
Tom-Michael Hesse, Stefan Gärtner, T. Roehm, B. Paech, K. Schneider, B. Brügge
Security issues can have a significant negative impact on the business or reputation of an organization. In most cases they are not identified in requirements and are not continuously monitored during software evolution. Therefore, the inability of a system to conform to regulations or its endangerment by new vulnerabilities is not recognized. In consequence, decisions related to security might not be taken at all or become obsolete quickly. But to evaluate efficiently whether an issue is already addressed appropriately, software engineers need explicit decision documentation. Often, such documentation is not performed due to high overhead. To cope with this problem, we propose to document decisions made to address security requirements. To lower the manual effort, information from heuristic analysis and end user monitoring is incorporated. The heuristic assessment method is used to identify security issues in given requirements automatically. This helps to uncover security decisions needed to mitigate those issues. We describe how the corresponding security knowledge for each issue can be incorporated into the decision documentation semiautomatically. In addition, violations of security requirements at runtime are monitored. We show how decisions related to those security requirements can be identified through the documentation and updated manually. Overall, our approach improves the quality and completeness of security decision documentation to support the engineering and evolution of security requirements.
DOI: 10.1109/ESPRE.2014.6890520 (https://doi.org/10.1109/ESPRE.2014.6890520); published 2014-08-01
Citations: 9