Title of article :
A Tool-based Semantic Framework for Security Requirements Specification
Author/Authors :
Daramola, Olawande Covenant University - Department of Computer and Information Sciences, Nigeria , Sindre, Guttorm Norwegian University of Science and Technology (NTNU) - Department of Computer and Information Science, Norway , Moser, Thomas Vienna University of Technology - Christian Doppler Laboratory for Software Engineering Christian Doppler Laboratory for Software EngineeringIntegration for Flexible Automation Systems, Austria
Abstract :
Attaining high quality in security requirements specification requires first-rate professional expertise, which is scarce. In fact, most organisations do not include core security experts in their software team. This scenario motivates the need for adequate tool support for security requirements specification so that the human requirements analyst can be assisted to specify security requirements of acceptable quality with minimum effort. This paper presents a tool-based semantic framework that uses ontology and requirements boilerplates to facilitate the formulation and specification of security requirements. A two-phased evaluation of the semantic framework suggests that it is usable, leads to reduction of effort, aids the quick discovery of hidden security threats, and improves the quality of security requirements.
Keywords :
security requirements , ontology , requirements boilerplates , information extraction , security threat , misuse cases
Journal title :
Journal of J.UCS (Journal of Universal Computer Science)
Journal title :
Journal of J.UCS (Journal of Universal Computer Science)
