Security requirements analysis using knowledge in CAPEC

Haruhiko Kaiya; Sho Kono; Shinpei Ogata; Takao Okubo; Nobukazu Yoshioka; Hironori Washizaki; Kenji Kaijiri

Security requirements analysis using knowledge in CAPEC

Haruhiko Kaiya, Sho Kono, Shinpei Ogata, Takao Okubo, Nobukazu Yoshioka, Hironori Washizaki, Kenji Kaijiri

基幹理工学部

研究成果: Conference contribution

5 被引用数 (Scopus)

抄録

Because all the requirements analysts are not the experts of security, providing security knowledge automatically is one of the effective means for supporting security requirements elicitation. We propose a method for eliciting security requirements on the basis of Common Attack Patterns Enumeration and Classification (CAPEC). A requirements analyst can automatically acquire the candidates of attacks against a functional requirement with the help of our method. Because technical terms are mainly used in the descriptions in CAPEC and usual phrases are used in the requirements descriptions, there are gaps between them. To bridge the gaps, our method contains a mapping between technical terms and noun phrases called term maps.

本文言語	English
ホスト出版物のタイトル	Advanced Information Systems Engineering Workshops - CAiSE 2014 International Workshops, Proceedings
出版社	Springer Verlag
ページ	343-348
ページ数	6
ISBN（印刷版）	9783319078687
出版ステータス	Published - 2014
イベント	26th International Conference on Advanced Information Systems Engineering, CAiSE 2014 - Thessaloniki, Greece 継続期間: 2014 6 16 → 2014 6 20

出版物シリーズ

名前	Lecture Notes in Business Information Processing
巻	178 LNBIP
ISSN（印刷版）	1865-1348

Conference

Conference	26th International Conference on Advanced Information Systems Engineering, CAiSE 2014
国/地域	Greece
City	Thessaloniki
Period	14/6/16 → 14/6/20

ASJC Scopus subject areas

管理情報システム
制御およびシステム工学
ビジネスおよび国際経営
情報システム
モデリングとシミュレーション
情報システムおよび情報管理

他のファイルとリンク

引用スタイル

Security requirements analysis using knowledge in CAPEC. / Kaiya, Haruhiko; Kono, Sho; Ogata, Shinpei; Okubo, Takao; Yoshioka, Nobukazu; Washizaki, Hironori; Kaijiri, Kenji.

Advanced Information Systems Engineering Workshops - CAiSE 2014 International Workshops, Proceedings. Springer Verlag, 2014. p. 343-348 (Lecture Notes in Business Information Processing; Vol. 178 LNBIP).

研究成果: Conference contribution

Kaiya, H, Kono, S, Ogata, S, Okubo, T, Yoshioka, N, Washizaki, H & Kaijiri, K 2014, Security requirements analysis using knowledge in CAPEC. in Advanced Information Systems Engineering Workshops - CAiSE 2014 International Workshops, Proceedings. Lecture Notes in Business Information Processing, vol. 178 LNBIP, Springer Verlag, pp. 343-348, 26th International Conference on Advanced Information Systems Engineering, CAiSE 2014, Thessaloniki, Greece, 14/6/16.

@inproceedings{7138d0fb1aa14cd38aff74e8c41284f1,

title = "Security requirements analysis using knowledge in CAPEC",

abstract = "Because all the requirements analysts are not the experts of security, providing security knowledge automatically is one of the effective means for supporting security requirements elicitation. We propose a method for eliciting security requirements on the basis of Common Attack Patterns Enumeration and Classification (CAPEC). A requirements analyst can automatically acquire the candidates of attacks against a functional requirement with the help of our method. Because technical terms are mainly used in the descriptions in CAPEC and usual phrases are used in the requirements descriptions, there are gaps between them. To bridge the gaps, our method contains a mapping between technical terms and noun phrases called term maps.",

keywords = "Requirements Elicitation, Requirements Engineering, Security Requirements, Structured Knowledge",

author = "Haruhiko Kaiya and Sho Kono and Shinpei Ogata and Takao Okubo and Nobukazu Yoshioka and Hironori Washizaki and Kenji Kaijiri",

year = "2014",

language = "English",

isbn = "9783319078687",

series = "Lecture Notes in Business Information Processing",

publisher = "Springer Verlag",

pages = "343--348",

booktitle = "Advanced Information Systems Engineering Workshops - CAiSE 2014 International Workshops, Proceedings",

note = "26th International Conference on Advanced Information Systems Engineering, CAiSE 2014 ; Conference date: 16-06-2014 Through 20-06-2014",

}

TY - GEN

T1 - Security requirements analysis using knowledge in CAPEC

AU - Kaiya, Haruhiko

AU - Kono, Sho

AU - Ogata, Shinpei

AU - Okubo, Takao

AU - Yoshioka, Nobukazu

AU - Washizaki, Hironori

AU - Kaijiri, Kenji

PY - 2014

Y1 - 2014

N2 - Because all the requirements analysts are not the experts of security, providing security knowledge automatically is one of the effective means for supporting security requirements elicitation. We propose a method for eliciting security requirements on the basis of Common Attack Patterns Enumeration and Classification (CAPEC). A requirements analyst can automatically acquire the candidates of attacks against a functional requirement with the help of our method. Because technical terms are mainly used in the descriptions in CAPEC and usual phrases are used in the requirements descriptions, there are gaps between them. To bridge the gaps, our method contains a mapping between technical terms and noun phrases called term maps.

AB - Because all the requirements analysts are not the experts of security, providing security knowledge automatically is one of the effective means for supporting security requirements elicitation. We propose a method for eliciting security requirements on the basis of Common Attack Patterns Enumeration and Classification (CAPEC). A requirements analyst can automatically acquire the candidates of attacks against a functional requirement with the help of our method. Because technical terms are mainly used in the descriptions in CAPEC and usual phrases are used in the requirements descriptions, there are gaps between them. To bridge the gaps, our method contains a mapping between technical terms and noun phrases called term maps.

KW - Requirements Elicitation

KW - Requirements Engineering

KW - Security Requirements

KW - Structured Knowledge

UR - http://www.scopus.com/inward/record.url?scp=84904557233&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84904557233&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:84904557233

SN - 9783319078687

T3 - Lecture Notes in Business Information Processing

SP - 343

EP - 348

BT - Advanced Information Systems Engineering Workshops - CAiSE 2014 International Workshops, Proceedings

PB - Springer Verlag

T2 - 26th International Conference on Advanced Information Systems Engineering, CAiSE 2014

Y2 - 16 June 2014 through 20 June 2014

ER -

Security requirements analysis using knowledge in CAPEC

抄録

出版物シリーズ

Conference

ASJC Scopus subject areas

他のファイルとリンク

フィンガープリント

引用スタイル