Security requirements analysis using knowledge in CAPEC

Haruhiko Kaiya, Sho Kono, Shinpei Ogata, Takao Okubo, Nobukazu Yoshioka, Hironori Washizaki, Kenji Kaijiri

    研究成果: Conference contribution

    4 引用 (Scopus)

    抄録

    Because all the requirements analysts are not the experts of security, providing security knowledge automatically is one of the effective means for supporting security requirements elicitation. We propose a method for eliciting security requirements on the basis of Common Attack Patterns Enumeration and Classification (CAPEC). A requirements analyst can automatically acquire the candidates of attacks against a functional requirement with the help of our method. Because technical terms are mainly used in the descriptions in CAPEC and usual phrases are used in the requirements descriptions, there are gaps between them. To bridge the gaps, our method contains a mapping between technical terms and noun phrases called term maps.

    元の言語English
    ホスト出版物のタイトルLecture Notes in Business Information Processing
    出版者Springer Verlag
    ページ343-348
    ページ数6
    178 LNBIP
    ISBN(印刷物)9783319078687
    DOI
    出版物ステータスPublished - 2014
    イベント26th International Conference on Advanced Information Systems Engineering, CAiSE 2014 - Thessaloniki
    継続期間: 2014 6 162014 6 20

    出版物シリーズ

    名前Lecture Notes in Business Information Processing
    178 LNBIP
    ISSN(印刷物)18651348

    Other

    Other26th International Conference on Advanced Information Systems Engineering, CAiSE 2014
    Thessaloniki
    期間14/6/1614/6/20

    Fingerprint

    Requirements Analysis
    Security Analysis
    Enumeration
    Attack
    Requirements
    Term
    Requirements Elicitation
    Knowledge
    Requirements analysis

    ASJC Scopus subject areas

    • Business, Management and Accounting(all)
    • Business and International Management
    • Modelling and Simulation
    • Control and Systems Engineering
    • Management Information Systems
    • Information Systems and Management
    • Information Systems

    これを引用

    Kaiya, H., Kono, S., Ogata, S., Okubo, T., Yoshioka, N., Washizaki, H., & Kaijiri, K. (2014). Security requirements analysis using knowledge in CAPEC. : Lecture Notes in Business Information Processing (巻 178 LNBIP, pp. 343-348). (Lecture Notes in Business Information Processing; 巻数 178 LNBIP). Springer Verlag. https://doi.org/10.1007/978-3-319-07869-4

    Security requirements analysis using knowledge in CAPEC. / Kaiya, Haruhiko; Kono, Sho; Ogata, Shinpei; Okubo, Takao; Yoshioka, Nobukazu; Washizaki, Hironori; Kaijiri, Kenji.

    Lecture Notes in Business Information Processing. 巻 178 LNBIP Springer Verlag, 2014. p. 343-348 (Lecture Notes in Business Information Processing; 巻 178 LNBIP).

    研究成果: Conference contribution

    Kaiya, H, Kono, S, Ogata, S, Okubo, T, Yoshioka, N, Washizaki, H & Kaijiri, K 2014, Security requirements analysis using knowledge in CAPEC. : Lecture Notes in Business Information Processing. 巻. 178 LNBIP, Lecture Notes in Business Information Processing, 巻. 178 LNBIP, Springer Verlag, pp. 343-348, 26th International Conference on Advanced Information Systems Engineering, CAiSE 2014, Thessaloniki, 14/6/16. https://doi.org/10.1007/978-3-319-07869-4
    Kaiya H, Kono S, Ogata S, Okubo T, Yoshioka N, Washizaki H その他. Security requirements analysis using knowledge in CAPEC. : Lecture Notes in Business Information Processing. 巻 178 LNBIP. Springer Verlag. 2014. p. 343-348. (Lecture Notes in Business Information Processing). https://doi.org/10.1007/978-3-319-07869-4
    Kaiya, Haruhiko ; Kono, Sho ; Ogata, Shinpei ; Okubo, Takao ; Yoshioka, Nobukazu ; Washizaki, Hironori ; Kaijiri, Kenji. / Security requirements analysis using knowledge in CAPEC. Lecture Notes in Business Information Processing. 巻 178 LNBIP Springer Verlag, 2014. pp. 343-348 (Lecture Notes in Business Information Processing).
    @inproceedings{7138d0fb1aa14cd38aff74e8c41284f1,
    title = "Security requirements analysis using knowledge in CAPEC",
    abstract = "Because all the requirements analysts are not the experts of security, providing security knowledge automatically is one of the effective means for supporting security requirements elicitation. We propose a method for eliciting security requirements on the basis of Common Attack Patterns Enumeration and Classification (CAPEC). A requirements analyst can automatically acquire the candidates of attacks against a functional requirement with the help of our method. Because technical terms are mainly used in the descriptions in CAPEC and usual phrases are used in the requirements descriptions, there are gaps between them. To bridge the gaps, our method contains a mapping between technical terms and noun phrases called term maps.",
    keywords = "Requirements Elicitation, Requirements Engineering, Security Requirements, Structured Knowledge",
    author = "Haruhiko Kaiya and Sho Kono and Shinpei Ogata and Takao Okubo and Nobukazu Yoshioka and Hironori Washizaki and Kenji Kaijiri",
    year = "2014",
    doi = "10.1007/978-3-319-07869-4",
    language = "English",
    isbn = "9783319078687",
    volume = "178 LNBIP",
    series = "Lecture Notes in Business Information Processing",
    publisher = "Springer Verlag",
    pages = "343--348",
    booktitle = "Lecture Notes in Business Information Processing",

    }

    TY - GEN

    T1 - Security requirements analysis using knowledge in CAPEC

    AU - Kaiya, Haruhiko

    AU - Kono, Sho

    AU - Ogata, Shinpei

    AU - Okubo, Takao

    AU - Yoshioka, Nobukazu

    AU - Washizaki, Hironori

    AU - Kaijiri, Kenji

    PY - 2014

    Y1 - 2014

    N2 - Because all the requirements analysts are not the experts of security, providing security knowledge automatically is one of the effective means for supporting security requirements elicitation. We propose a method for eliciting security requirements on the basis of Common Attack Patterns Enumeration and Classification (CAPEC). A requirements analyst can automatically acquire the candidates of attacks against a functional requirement with the help of our method. Because technical terms are mainly used in the descriptions in CAPEC and usual phrases are used in the requirements descriptions, there are gaps between them. To bridge the gaps, our method contains a mapping between technical terms and noun phrases called term maps.

    AB - Because all the requirements analysts are not the experts of security, providing security knowledge automatically is one of the effective means for supporting security requirements elicitation. We propose a method for eliciting security requirements on the basis of Common Attack Patterns Enumeration and Classification (CAPEC). A requirements analyst can automatically acquire the candidates of attacks against a functional requirement with the help of our method. Because technical terms are mainly used in the descriptions in CAPEC and usual phrases are used in the requirements descriptions, there are gaps between them. To bridge the gaps, our method contains a mapping between technical terms and noun phrases called term maps.

    KW - Requirements Elicitation

    KW - Requirements Engineering

    KW - Security Requirements

    KW - Structured Knowledge

    UR - http://www.scopus.com/inward/record.url?scp=84904557233&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=84904557233&partnerID=8YFLogxK

    U2 - 10.1007/978-3-319-07869-4

    DO - 10.1007/978-3-319-07869-4

    M3 - Conference contribution

    AN - SCOPUS:84904557233

    SN - 9783319078687

    VL - 178 LNBIP

    T3 - Lecture Notes in Business Information Processing

    SP - 343

    EP - 348

    BT - Lecture Notes in Business Information Processing

    PB - Springer Verlag

    ER -

    文献にアクセス