TY - GEN
T1 - Security requirements analysis using knowledge in CAPEC
AU - Kaiya, Haruhiko
AU - Kono, Sho
AU - Ogata, Shinpei
AU - Okubo, Takao
AU - Yoshioka, Nobukazu
AU - Washizaki, Hironori
AU - Kaijiri, Kenji
N1 - Copyright:
Copyright 2020 Elsevier B.V., All rights reserved.
PY - 2014
Y1 - 2014
N2 - Because not all requirements analysts are security experts, providing security knowledge automatically is one of the effective means of supporting security requirements elicitation. We propose a method for eliciting security requirements on the basis of Common Attack Patterns Enumeration and Classification (CAPEC). With the help of our method, a requirements analyst can automatically acquire candidate attacks against a functional requirement. Because the descriptions in CAPEC mainly use technical terms while requirements descriptions use ordinary phrases, there are gaps between them. To bridge the gaps, our method contains a mapping between technical terms and noun phrases, called term maps.
KW - Requirements Elicitation
KW - Requirements Engineering
KW - Security Requirements
KW - Structured Knowledge
UR - http://www.scopus.com/inward/record.url?scp=84904557233&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84904557233&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:84904557233
SN - 9783319078687
T3 - Lecture Notes in Business Information Processing
SP - 343
EP - 348
BT - Advanced Information Systems Engineering Workshops - CAiSE 2014 International Workshops, Proceedings
PB - Springer Verlag
T2 - 26th International Conference on Advanced Information Systems Engineering, CAiSE 2014
Y2 - 16 June 2014 through 20 June 2014
ER -