Abstract
Because not all requirements analysts are security experts, providing security knowledge automatically is an effective means of supporting security requirements elicitation. We propose a method for eliciting security requirements on the basis of the Common Attack Pattern Enumeration and Classification (CAPEC). With the help of our method, a requirements analyst can automatically obtain candidate attacks against a functional requirement. Because the descriptions in CAPEC mainly use technical terms while requirements descriptions use everyday phrases, there are gaps between the two vocabularies. To bridge these gaps, our method includes a mapping between technical terms and noun phrases, called term maps.
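The abstract describes the pipeline only in outline: noun phrases are extracted from a functional requirement, a term map translates them into CAPEC vocabulary, and CAPEC entries sharing that vocabulary become candidate attacks. The following is an added illustration written for this page, not the authors' tool or their term maps. The term map and the keyword sets attached to each CAPEC entry are constructed for the example (the CAPEC ids and names are real, the keyword lists are not taken from CAPEC), and the function names are assumptions.

```python
import re

# Constructed term map (assumption: the authors' real term maps are not on the page).
# Each everyday noun phrase that may appear in a requirement maps to one or more
# technical terms in the vocabulary CAPEC descriptions use.
TERM_MAP = {
    "login": ["authentication", "password"],
    "password": ["password", "authentication"],
    "search box": ["user input", "query"],
    "user input": ["user input"],
    "comment": ["user input", "web page"],
    "database": ["query", "sql"],
}

# Constructed CAPEC excerpt: the ids and names are real CAPEC entries, but the
# technical-term sets are hand-written for this example, not CAPEC's own text.
CAPEC_ENTRIES = {
    "CAPEC-66": ("SQL Injection", {"sql", "query", "user input", "database"}),
    "CAPEC-63": ("Cross-Site Scripting (XSS)", {"user input", "web page", "script"}),
    "CAPEC-112": ("Brute Force", {"password", "authentication", "credential"}),
}


def extract_noun_phrases(requirement):
    """Return the term-map noun phrases that occur in a requirement sentence.

    Longer phrases are tried first so that a multi-word phrase such as
    "search box" is recognised as a unit.
    """
    text = requirement.lower()
    found = []
    for phrase in sorted(TERM_MAP, key=len, reverse=True):
        if re.search(r"\b" + re.escape(phrase) + r"\b", text):
            found.append(phrase)
    return found


def map_to_technical_terms(phrases):
    """Translate everyday noun phrases into CAPEC-style technical terms via the term map."""
    terms = set()
    for phrase in phrases:
        terms.update(TERM_MAP.get(phrase, []))
    return terms


def candidate_attacks(requirement):
    """Rank CAPEC entries by how many technical terms they share with the requirement.

    Returns a list of (capec_id, name, score, shared_terms), best match first;
    entries with no shared term are omitted because they are not candidates.
    """
    terms = map_to_technical_terms(extract_noun_phrases(requirement))
    scored = []
    for capec_id, (name, keywords) in CAPEC_ENTRIES.items():
        shared = terms & keywords
        if shared:
            scored.append((capec_id, name, len(shared), sorted(shared)))
    # Higher overlap first; ties broken by id so the ranking is deterministic.
    scored.sort(key=lambda entry: (-entry[2], entry[0]))
    return scored


if __name__ == "__main__":
    # Constructed functional requirements in everyday wording.
    for req in [
        "The user logs in with a user name and password.",
        "The visitor enters a keyword in the search box and the system queries the database.",
    ]:
        print(req)
        for capec_id, name, score, shared in candidate_attacks(req):
            print(f"  {capec_id} {name} (shared terms: {', '.join(shared)})")
```

The second requirement shows why the term map matters: neither "search box" nor "database" appears in the SQL Injection entry's vocabulary as written in CAPEC terms, yet through the map the requirement yields "user input", "query" and "sql", so the analyst is offered SQL Injection first and Cross-Site Scripting second. Extending the term map, not the matching code, is how coverage of new requirement wordings is improved.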
© 2014 Springer International Publishing Switzerland
Cite this paper
Kaiya, H. et al. (2014). Security Requirements Analysis Using Knowledge in CAPEC. In: Iliadis, L., Papazoglou, M., Pohl, K. (eds) Advanced Information Systems Engineering Workshops. CAiSE 2014. Lecture Notes in Business Information Processing, vol 178. Springer, Cham. https://doi.org/10.1007/978-3-319-07869-4_32
DOI: https://doi.org/10.1007/978-3-319-07869-4_32
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07868-7
Online ISBN: 978-3-319-07869-4