Security requirements analysis using knowledge in CAPEC

Haruhiko Kaiya; Sho Kono; Shinpei Ogata; Takao Okubo; Nobukazu Yoshioka; Hironori Washizaki; Kenji Kaijiri

doi:10.1007/978-3-319-07869-4

Security requirements analysis using knowledge in CAPEC

Haruhiko Kaiya, Sho Kono, Shinpei Ogata, Takao Okubo, Nobukazu Yoshioka, Hironori Washizaki, Kenji Kaijiri

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

Abstract

Because all the requirements analysts are not the experts of security, providing security knowledge automatically is one of the effective means for supporting security requirements elicitation. We propose a method for eliciting security requirements on the basis of Common Attack Patterns Enumeration and Classification (CAPEC). A requirements analyst can automatically acquire the candidates of attacks against a functional requirement with the help of our method. Because technical terms are mainly used in the descriptions in CAPEC and usual phrases are used in the requirements descriptions, there are gaps between them. To bridge the gaps, our method contains a mapping between technical terms and noun phrases called term maps.

Original language	English
Title of host publication	Lecture Notes in Business Information Processing
Publisher	Springer Verlag
Pages	343-348
Number of pages	6
Volume	178 LNBIP
ISBN (Print)	9783319078687
DOIs	https://doi.org/10.1007/978-3-319-07869-4
Publication status	Published - 2014
Event	26th International Conference on Advanced Information Systems Engineering, CAiSE 2014 - Thessaloniki Duration: 2014 Jun 16 → 2014 Jun 20

Publication series

Name	Lecture Notes in Business Information Processing
Volume	178 LNBIP
ISSN (Print)	18651348

Other

Other	26th International Conference on Advanced Information Systems Engineering, CAiSE 2014
City	Thessaloniki
Period	14/6/16 → 14/6/20

Fingerprint

Requirements Analysis

Security Analysis

Enumeration

Attack

Requirements

Term

Requirements Elicitation

Knowledge

Requirements analysis

Keywords

Requirements Elicitation
Requirements Engineering
Security Requirements
Structured Knowledge

ASJC Scopus subject areas

Business, Management and Accounting(all)
Business and International Management
Modelling and Simulation
Control and Systems Engineering
Management Information Systems
Information Systems and Management
Information Systems

Cite this

Kaiya, H., Kono, S., Ogata, S., Okubo, T., Yoshioka, N., Washizaki, H., & Kaijiri, K. (2014). Security requirements analysis using knowledge in CAPEC. In Lecture Notes in Business Information Processing (Vol. 178 LNBIP, pp. 343-348). (Lecture Notes in Business Information Processing; Vol. 178 LNBIP). Springer Verlag. https://doi.org/10.1007/978-3-319-07869-4

Security requirements analysis using knowledge in CAPEC. / Kaiya, Haruhiko; Kono, Sho; Ogata, Shinpei; Okubo, Takao; Yoshioka, Nobukazu; Washizaki, Hironori; Kaijiri, Kenji.

Lecture Notes in Business Information Processing. Vol. 178 LNBIP Springer Verlag, 2014. p. 343-348 (Lecture Notes in Business Information Processing; Vol. 178 LNBIP).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kaiya, H, Kono, S, Ogata, S, Okubo, T, Yoshioka, N, Washizaki, H & Kaijiri, K 2014, Security requirements analysis using knowledge in CAPEC. in Lecture Notes in Business Information Processing. vol. 178 LNBIP, Lecture Notes in Business Information Processing, vol. 178 LNBIP, Springer Verlag, pp. 343-348, 26th International Conference on Advanced Information Systems Engineering, CAiSE 2014, Thessaloniki, 14/6/16. https://doi.org/10.1007/978-3-319-07869-4

Kaiya H, Kono S, Ogata S, Okubo T, Yoshioka N, Washizaki H et al. Security requirements analysis using knowledge in CAPEC. In Lecture Notes in Business Information Processing. Vol. 178 LNBIP. Springer Verlag. 2014. p. 343-348. (Lecture Notes in Business Information Processing). https://doi.org/10.1007/978-3-319-07869-4

Kaiya, Haruhiko ; Kono, Sho ; Ogata, Shinpei ; Okubo, Takao ; Yoshioka, Nobukazu ; Washizaki, Hironori ; Kaijiri, Kenji. / Security requirements analysis using knowledge in CAPEC. Lecture Notes in Business Information Processing. Vol. 178 LNBIP Springer Verlag, 2014. pp. 343-348 (Lecture Notes in Business Information Processing).

@inproceedings{7138d0fb1aa14cd38aff74e8c41284f1,

title = "Security requirements analysis using knowledge in CAPEC",

abstract = "Because all the requirements analysts are not the experts of security, providing security knowledge automatically is one of the effective means for supporting security requirements elicitation. We propose a method for eliciting security requirements on the basis of Common Attack Patterns Enumeration and Classification (CAPEC). A requirements analyst can automatically acquire the candidates of attacks against a functional requirement with the help of our method. Because technical terms are mainly used in the descriptions in CAPEC and usual phrases are used in the requirements descriptions, there are gaps between them. To bridge the gaps, our method contains a mapping between technical terms and noun phrases called term maps.",

keywords = "Requirements Elicitation, Requirements Engineering, Security Requirements, Structured Knowledge",

author = "Haruhiko Kaiya and Sho Kono and Shinpei Ogata and Takao Okubo and Nobukazu Yoshioka and Hironori Washizaki and Kenji Kaijiri",

year = "2014",

doi = "10.1007/978-3-319-07869-4",

language = "English",

isbn = "9783319078687",

volume = "178 LNBIP",

series = "Lecture Notes in Business Information Processing",

publisher = "Springer Verlag",

pages = "343--348",

booktitle = "Lecture Notes in Business Information Processing",

}

TY - GEN

T1 - Security requirements analysis using knowledge in CAPEC

AU - Kaiya, Haruhiko

AU - Kono, Sho

AU - Ogata, Shinpei

AU - Okubo, Takao

AU - Yoshioka, Nobukazu

AU - Washizaki, Hironori

AU - Kaijiri, Kenji

PY - 2014

Y1 - 2014

N2 - Because all the requirements analysts are not the experts of security, providing security knowledge automatically is one of the effective means for supporting security requirements elicitation. We propose a method for eliciting security requirements on the basis of Common Attack Patterns Enumeration and Classification (CAPEC). A requirements analyst can automatically acquire the candidates of attacks against a functional requirement with the help of our method. Because technical terms are mainly used in the descriptions in CAPEC and usual phrases are used in the requirements descriptions, there are gaps between them. To bridge the gaps, our method contains a mapping between technical terms and noun phrases called term maps.

AB - Because all the requirements analysts are not the experts of security, providing security knowledge automatically is one of the effective means for supporting security requirements elicitation. We propose a method for eliciting security requirements on the basis of Common Attack Patterns Enumeration and Classification (CAPEC). A requirements analyst can automatically acquire the candidates of attacks against a functional requirement with the help of our method. Because technical terms are mainly used in the descriptions in CAPEC and usual phrases are used in the requirements descriptions, there are gaps between them. To bridge the gaps, our method contains a mapping between technical terms and noun phrases called term maps.

KW - Requirements Elicitation

KW - Requirements Engineering

KW - Security Requirements

KW - Structured Knowledge

UR - http://www.scopus.com/inward/record.url?scp=84904557233&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84904557233&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-07869-4

DO - 10.1007/978-3-319-07869-4

M3 - Conference contribution

SN - 9783319078687

VL - 178 LNBIP

T3 - Lecture Notes in Business Information Processing

SP - 343

EP - 348

BT - Lecture Notes in Business Information Processing

PB - Springer Verlag

ER -

Access to Document

10.1007/978-3-319-07869-4