An Extended Ontology for Security Requirements

IRIS

Security concerns for physical, software and virtual worlds have captured the attention of researchers and the general public, thanks to a series of dramatic events during the past decade. Unsurprisingly, this has resulted in increased research activity on topics that relate to security requirements. At the very core of this activity lies the problem of determining a suitable set of concepts (aka ontology) for modeling security requirements. Many proposals for such ontologies exist in the literature. The main objective of this paper is to amalgamate and extend the security ontologies proposed in [1] and [2]. The amalgamation includes a careful comparison of primitive concepts in Problem Frames and Secure Tropos, but also offers a novel account for rather nebulous security concepts, such as those of vulnerability and threat. The new concepts are justified and related to the literature. Moreover, the paper offers a number of security requirements adopted from industrial case studies, alo...

An Extended Ontology for Security Requirements

Massacci, Fabio;Mylopoulos, Ioannis;F. Paci;T. T. Tun;Yijun Yu

2011-01-01

Abstract

Security concerns for physical, software and virtual worlds have captured the attention of researchers and the general public, thanks to a series of dramatic events during the past decade. Unsurprisingly, this has resulted in increased research activity on topics that relate to security requirements. At the very core of this activity lies the problem of determining a suitable set of concepts (aka ontology) for modeling security requirements. Many proposals for such ontologies exist in the literature. The main objective of this paper is to amalgamate and extend the security ontologies proposed in [1] and [2]. The amalgamation includes a careful comparison of primitive concepts in Problem Frames and Secure Tropos, but also offers a novel account for rather nebulous security concepts, such as those of vulnerability and threat. The new concepts are justified and related to the literature. Moreover, the paper offers a number of security requirements adopted from industrial case studies, alo...

Scheda breve

Scheda completa

Scheda completa (DC)

	Anno di pubblicazione (Date of publication)
	
				2011
			
	Titolo del volume (Proceedings title)
	
				CAiSE Workshops
			
	Luogo di edizione (Place of publication)
	
				Berlin
			
	Casa editrice (Publisher)
	
				Springer
			
	ISBN
	
				9783642220555
			
	Codice Scopus (Scopus Identifier)
	
				2-s2.0-79960330560
			
	Codice WOS (WOS identifier)
	
				WOS:000301989300056
			
	Tutti gli autori
	
						Massacci, Fabio; Mylopoulos, Ioannis; F., Paci; T. T., Tun; Yijun, Yu
					
	Appare nelle tipologie:
	
				04.1 Saggio in atti di convegno (Paper in Proceedings)

File in questo prodotto:

Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/89685

Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni

ND

28

24

ND

social impact