使用本体和样板的基于模式的安全需求规范

2012 Second IEEE International Workshop on Requirements Patterns (RePa) Pub Date : 2012-11-26 DOI:10.1109/RePa.2012.6359973

O. Daramola, G. Sindre, T. Stålhane

{"title":"使用本体和样板的基于模式的安全需求规范","authors":"O. Daramola, G. Sindre, T. Stålhane","doi":"10.1109/RePa.2012.6359973","DOIUrl":null,"url":null,"abstract":"The task of specifying and managing security requirements (SR) is a challenging one. Usually SR are often neglected or considered too late - leading to poor design, and cost overruns. Also, there is scarce expertise in managing SR, because most requirements engineering teams do not include security experts, which leads to prevalence of too vague or overly specific SR. In this work, we present an ontology-based approach that uses predefined pattern-based templates - requirements boilerplates - to aid requirements engineers in the formulation of SR. We realized the approach via a prototype tool that enables the formulation of SR from textual misuse case (TMUC) descriptions of security threat scenarios. The results from a preliminary evaluation suggest the viability of the proposed approach, in that the tool was judged as easy to use, supports reuse, and facilitates the formulation of good quality SR.","PeriodicalId":255558,"journal":{"name":"2012 Second IEEE International Workshop on Requirements Patterns (RePa)","volume":"38 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-11-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"33","resultStr":"{\"title\":\"Pattern-based security requirements specification using ontologies and boilerplates\",\"authors\":\"O. Daramola, G. Sindre, T. Stålhane\",\"doi\":\"10.1109/RePa.2012.6359973\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The task of specifying and managing security requirements (SR) is a challenging one. Usually SR are often neglected or considered too late - leading to poor design, and cost overruns. Also, there is scarce expertise in managing SR, because most requirements engineering teams do not include security experts, which leads to prevalence of too vague or overly specific SR. In this work, we present an ontology-based approach that uses predefined pattern-based templates - requirements boilerplates - to aid requirements engineers in the formulation of SR. We realized the approach via a prototype tool that enables the formulation of SR from textual misuse case (TMUC) descriptions of security threat scenarios. The results from a preliminary evaluation suggest the viability of the proposed approach, in that the tool was judged as easy to use, supports reuse, and facilitates the formulation of good quality SR.\",\"PeriodicalId\":255558,\"journal\":{\"name\":\"2012 Second IEEE International Workshop on Requirements Patterns (RePa)\",\"volume\":\"38 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-11-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"33\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 Second IEEE International Workshop on Requirements Patterns (RePa)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/RePa.2012.6359973\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 Second IEEE International Workshop on Requirements Patterns (RePa)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RePa.2012.6359973","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 33

摘要

指定和管理安全需求(SR)是一项具有挑战性的任务。通常，SR常常被忽视或考虑得太晚，从而导致糟糕的设计和成本超支。同样，在管理SR方面缺乏专业知识，因为大多数需求工程团队不包括安全专家，这导致了过于模糊或过于具体的SR的流行。我们提出了一种基于本体的方法，该方法使用预定义的基于模式的模板——需求样板——来帮助需求工程师制定SR。我们通过一个原型工具实现了该方法，该工具可以根据安全威胁场景的文本误用案例(TMUC)描述来制定SR。初步评估的结果表明所建议的方法的可行性，因为该工具被认为易于使用，支持重用，并有助于制定高质量的SR。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Pattern-based security requirements specification using ontologies and boilerplates

The task of specifying and managing security requirements (SR) is a challenging one. Usually SR are often neglected or considered too late - leading to poor design, and cost overruns. Also, there is scarce expertise in managing SR, because most requirements engineering teams do not include security experts, which leads to prevalence of too vague or overly specific SR. In this work, we present an ontology-based approach that uses predefined pattern-based templates - requirements boilerplates - to aid requirements engineers in the formulation of SR. We realized the approach via a prototype tool that enables the formulation of SR from textual misuse case (TMUC) descriptions of security threat scenarios. The results from a preliminary evaluation suggest the viability of the proposed approach, in that the tool was judged as easy to use, supports reuse, and facilitates the formulation of good quality SR.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2012 Second IEEE International Workshop on Requirements Patterns (RePa)

自引率

0.00%

发文量