Security requirements analysis using knowledge in CAPEC

Haruhiko Kaiya, Sho Kono, Shinpei Ogata, Takao Okubo, Nobukazu Yoshioka, Hironori Washizaki, Kenji Kaijiri

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

Abstract

Because not all requirements analysts are security experts, providing security knowledge automatically is one of the effective means of supporting security requirements elicitation. We propose a method for eliciting security requirements on the basis of Common Attack Patterns Enumeration and Classification (CAPEC). With the help of our method, a requirements analyst can automatically acquire candidate attacks against a functional requirement. Because the descriptions in CAPEC mainly use technical terms while requirements descriptions use everyday phrases, there are gaps between them. To bridge the gaps, our method contains a mapping between technical terms and noun phrases, called term maps.

Original language: English
Title of host publication: Advanced Information Systems Engineering Workshops - CAiSE 2014 International Workshops, Proceedings
Publisher: Springer Verlag
Pages: 343-348
Number of pages: 6
ISBN (Print): 9783319078687
Publication status: Published - 2014 Jan 1
Event: 26th International Conference on Advanced Information Systems Engineering, CAiSE 2014 - Thessaloniki, Greece
Duration: 2014 Jun 16 - 2014 Jun 20

Publication series

Name: Lecture Notes in Business Information Processing
Volume: 178 LNBIP
ISSN (Print): 1865-1348

Conference

Conference: 26th International Conference on Advanced Information Systems Engineering, CAiSE 2014
Country: Greece
City: Thessaloniki
Period: 14/6/16 - 14/6/20

Keywords

  • Requirements Elicitation
  • Requirements Engineering
  • Security Requirements
  • Structured Knowledge

ASJC Scopus subject areas

  • Management Information Systems
  • Control and Systems Engineering
  • Business and International Management
  • Information Systems
  • Modelling and Simulation
  • Information Systems and Management

Cite this

Kaiya, H., Kono, S., Ogata, S., Okubo, T., Yoshioka, N., Washizaki, H., & Kaijiri, K. (2014). Security requirements analysis using knowledge in CAPEC. In Advanced Information Systems Engineering Workshops - CAiSE 2014 International Workshops, Proceedings (pp. 343-348). (Lecture Notes in Business Information Processing; Vol. 178 LNBIP). Springer Verlag.