JUCS - Journal of Universal Computer Science 19(13): 1940-1962, doi: 10.3217/jucs-019-13-1940
A Tool-based Semantic Framework for Security Requirements Specification
expand article infoOlawande Daramola, Guttorm Sindre§, Thomas Moser|
‡ Covenant University, Ota, Nigeria§ Norwegian University of Science and Technology (NTNU), Trondheim, Norway| Vienna University of Technology, Vienna, Austria
Open Access
Abstract
Attaining high quality in security requirements specification requires first-rate professional expertise, which is scarce. In fact, most organisations do not include core security experts in their software team. This scenario motivates the need for adequate tool support for security requirements specification so that the human requirements analyst can be assisted to specify security requirements of acceptable quality with minimum effort. This paper presents a tool-based semantic framework that uses ontology and requirements boilerplates to facilitate the formulation and specification of security requirements. A two-phased evaluation of the semantic framework suggests that it is usable, leads to reduction of effort, aids the quick discovery of hidden security threats, and improves the quality of security requirements.
Keywords
security requirements, ontology, requirements boilerplates, information extraction, security threat, misuse cases