Abstract
Because not all requirements analysts are security experts, providing security knowledge automatically is one of the effective means of supporting security requirements elicitation. We propose a method for eliciting security requirements on the basis of Common Attack Patterns Enumeration and Classification (CAPEC). With the help of our method, a requirements analyst can automatically acquire candidate attacks against a functional requirement. Because CAPEC descriptions mainly use technical terms while requirements descriptions use ordinary phrases, there are gaps between the two. To bridge these gaps, our method contains a mapping between technical terms and noun phrases, called term maps.
Original language | English |
---|---|
Title of host publication | Lecture Notes in Business Information Processing |
Publisher | Springer Verlag |
Pages | 343-348 |
Number of pages | 6 |
Volume | 178 LNBIP |
ISBN (Print) | 9783319078687 |
DOIs | |
Publication status | Published - 2014 |
Event | 26th International Conference on Advanced Information Systems Engineering, CAiSE 2014 - Thessaloniki Duration: 2014 Jun 16 → 2014 Jun 20 |
Publication series
Name | Lecture Notes in Business Information Processing |
---|---|
Volume | 178 LNBIP |
ISSN (Print) | 18651348 |
Other
Other | 26th International Conference on Advanced Information Systems Engineering, CAiSE 2014 |
---|---|
City | Thessaloniki |
Period | 14/6/16 → 14/6/20 |
Keywords
- Requirements Elicitation
- Requirements Engineering
- Security Requirements
- Structured Knowledge
ASJC Scopus subject areas
- Business, Management and Accounting(all)
- Business and International Management
- Modelling and Simulation
- Control and Systems Engineering
- Management Information Systems
- Information Systems and Management
- Information Systems
Cite this
Security requirements analysis using knowledge in CAPEC. / Kaiya, Haruhiko; Kono, Sho; Ogata, Shinpei; Okubo, Takao; Yoshioka, Nobukazu; Washizaki, Hironori; Kaijiri, Kenji.
Lecture Notes in Business Information Processing. Vol. 178 LNBIP Springer Verlag, 2014. p. 343-348 (Lecture Notes in Business Information Processing; Vol. 178 LNBIP).
Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
TY - GEN
T1 - Security requirements analysis using knowledge in CAPEC
AU - Kaiya, Haruhiko
AU - Kono, Sho
AU - Ogata, Shinpei
AU - Okubo, Takao
AU - Yoshioka, Nobukazu
AU - Washizaki, Hironori
AU - Kaijiri, Kenji
PY - 2014
Y1 - 2014
KW - Requirements Elicitation
KW - Requirements Engineering
KW - Security Requirements
KW - Structured Knowledge
UR - http://www.scopus.com/inward/record.url?scp=84904557233&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84904557233&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-07869-4
DO - 10.1007/978-3-319-07869-4
M3 - Conference contribution
AN - SCOPUS:84904557233
SN - 9783319078687
VL - 178 LNBIP
T3 - Lecture Notes in Business Information Processing
SP - 343
EP - 348
BT - Lecture Notes in Business Information Processing
PB - Springer Verlag
ER -