AMAN-DA: A knowledge reuse based approach for domain specific security requirements engineering

PhD Thesis


Souag, A. 2015. AMAN-DA: A knowledge reuse based approach for domain specific security requirements engineering. PhD Thesis Université Paris 1 Panthéon-Sorbonne CRI - Centre de Recherche en Informatique de Paris 1
AuthorsSouag, A.
TypePhD Thesis
Abstract

In recent years, security in Information Systems (IS) has become an important issue that needs to be taken into account in all stages of IS development, including the early phase of Requirement Engineering (RE). Considering security during early stages of IS development allows IS developers to envisage threats, their consequences and countermeasures before a system is in place. Security requirements are known to be “the most difficult of requirements types”, and potentially the ones causing the greatest risk if they are not correct. Moreover, requirements engineers are not primarily interested in, or knowledgeable about, security. Their tacit knowledge about security and their primitive knowledge about the domain for which they elicit security requirements make the resulting security requirements poor and too generic. This thesis explores the approach of eliciting requirements based on the reuse of explicit knowledge. First, the thesis proposes an extensive systematic mapping study of the literature on the reuse of knowledge in security requirements engineering identifying the diferent knowledge forms. This is followed by a review and classification of security ontologies as the main reuse form. In the second part, AMAN-DA is presented. AMAN-DA is the method developed in this thesis. It allows the elicitation of domain-specific security requirements of an information system by reusing knowledge encapsulated in domain and security ontologies. Besides that, the thesis presents the different elements of AMANDA: (i) a core security ontology, (ii) a multi-level domain ontology, (iii) security goals and requirements’s syntactic models, (iv) a set of rules and mechanisms necessary to explore and reuse the encapsulated knowledge of the ontologies and produce security requirements specifications. The last part reports the evaluation of the method. AMAN-DA was implemented in a prototype tool. Its feasibility was evaluated and applied in case studies of three different domains (maritime, web applications, and sales). The ease of use and the usability of the method and its tool were also evaluated in a controlled experiment. The experiment revealed that the method is beneficial for the elicitation of domain specific security requirements, and that the tool is friendly and easy to use.

KeywordsRequirement engineering; Information systems; Ontologies; Mapping study; Security requirements; Domain; Eliciation
Year2015
Official URLhttps://paris1.hal.science/tel-01302760
Publication process dates
Deposited25 Oct 2023
Permalink -

https://repository.canterbury.ac.uk/item/961z3/aman-da-a-knowledge-reuse-based-approach-for-domain-specific-security-requirements-engineering

  • 39
    total views
  • 0
    total downloads
  • 5
    views this month
  • 0
    downloads this month

Export as

Related outputs

Machine learning in ASL fingerspelling recognition: A literature review
Pinnington, J., Souag, A. and Azhar, H. 2024. Machine learning in ASL fingerspelling recognition: A literature review. in: IEEE Xplore.
Utilising transformers for American Sign Language fingerspelling recognition
Pinnington, J., Souag, A. and Azhar, H. 2024. Utilising transformers for American Sign Language fingerspelling recognition. in: 24th International Symposium on Computational Intelligence and Informatics (CINTI 2024)
A novel dataset of annotated oyster mushroom images with environmental context for machine learning applications
Duman, S., Elewi, A., Hajhamed, A., Khankan, R., Souag, A. and Ahmed, A. 2024. A novel dataset of annotated oyster mushroom images with environmental context for machine learning applications. Data in Brief. 57. https://doi.org/10.1016/j.dib.2024.111074
Design and implementation of a cost-aware and smart oyster mushroom cultivation system
Souag, A., Elewi, A., Hajhamed, A., Khankan, R., Duman, S. and Ahmed, A. 2024. Design and implementation of a cost-aware and smart oyster mushroom cultivation system. Smart Agricultural Technology. Volume 8. https://doi.org/10.1016/j.atech.2024.100439
Cancer: Investigating the impact of the implementation platform on machine learning models
Olowolayemo, A. S., Souag, A. and Sirlantzis, K. 2024. Cancer: Investigating the impact of the implementation platform on machine learning models. in: Mengoni, M. and Souag, A. (ed.) AIHealth 2024, The First International Conference on AI-Health ThinkMind.
Why should everybody learn Artificial Intelligence?
Turner, S. and Souag, A. 2022. Why should everybody learn Artificial Intelligence? ETD blog, Canterbury Christ church University
How can the semantic web and ontologies help history and archeology
Souag, A. 2019. How can the semantic web and ontologies help history and archeology. in: Dans les dédales du web. Historiens en territoires numériques Paris Éditions de la Sorbonne.
Using the AMAN-DA method to generate security requirements: a case study in the maritime domain
Souag, A., Mazo, R., Salinesi, C. and Comyn-Wattiau, I. 2018. Using the AMAN-DA method to generate security requirements: a case study in the maritime domain. Requirements Engineering Journal. 23 (557–580). https://doi.org/10.1007/s00766-017-0279-5
Reusable knowledge in security requirements engineering: a systematic mapping study
Souag, A., Mazo, R., Salinesi, C. and Comyn-Wattiau, I. 2016. Reusable knowledge in security requirements engineering: a systematic mapping study. Requirements Engineering Journal. 21 (251–283). https://doi.org/10.1007/s00766-015-0220-8
A security ontology for security requirements elicitation
Souag, A. and Salinesi C., Mazo R., Comyn-Wattiau I. 2015. A security ontology for security requirements elicitation. https://doi.org/10.1007/978-3-319-15618-7_13
A methodology for defining security requirements using security and domain ontologies
Souag, A., Salinesi C. and Comyn-Wattiau I. 2013. A methodology for defining security requirements using security and domain ontologies. Insight. Volume 16 (4), pp. 14-16. https://doi.org/10.1002/inst.201316414
Ontologies for security requirements: a literature survey and classification’
Souag, A. and Salinesi C., Comyn-Wattiau I. 2012. Ontologies for security requirements: a literature survey and classification’. https://doi.org/10.1007/978-3-642-31069-0_5