Security requirements analysis using knowledge in CAPEC

Haruhiko Kaiya, Sho Kono, Shinpei Ogata, Takao Okubo, Nobukazu Yoshioka, Hironori Washizaki, Kenji Kaijiri

研究成果: Conference contribution

4 被引用数 (Scopus)

抄録

Because all the requirements analysts are not the experts of security, providing security knowledge automatically is one of the effective means for supporting security requirements elicitation. We propose a method for eliciting security requirements on the basis of Common Attack Patterns Enumeration and Classification (CAPEC). A requirements analyst can automatically acquire the candidates of attacks against a functional requirement with the help of our method. Because technical terms are mainly used in the descriptions in CAPEC and usual phrases are used in the requirements descriptions, there are gaps between them. To bridge the gaps, our method contains a mapping between technical terms and noun phrases called term maps.

本文言語English
ホスト出版物のタイトルAdvanced Information Systems Engineering Workshops - CAiSE 2014 International Workshops, Proceedings
出版社Springer Verlag
ページ343-348
ページ数6
ISBN(印刷版)9783319078687
出版ステータスPublished - 2014
イベント26th International Conference on Advanced Information Systems Engineering, CAiSE 2014 - Thessaloniki, Greece
継続期間: 2014 6 162014 6 20

出版物シリーズ

名前Lecture Notes in Business Information Processing
178 LNBIP
ISSN(印刷版)1865-1348

Conference

Conference26th International Conference on Advanced Information Systems Engineering, CAiSE 2014
CountryGreece
CityThessaloniki
Period14/6/1614/6/20

ASJC Scopus subject areas

  • Management Information Systems
  • Control and Systems Engineering
  • Business and International Management
  • Information Systems
  • Modelling and Simulation
  • Information Systems and Management

フィンガープリント 「Security requirements analysis using knowledge in CAPEC」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

引用スタイル