Enhancing Goal-Oriented Security Requirements Analysis Using Common Criteria-Based Knowledge
Motoshi Saeki, Shinpei Hayashi, Haruhiko Kaiya.
International Journal of Software Engineering and Knowledge Engineering (IJSEKE).
World Scientific Publishing, Vol. 23, No. 05, pp. 695-720, Jun. 2013.
Goal-oriented requirements analysis (GORA) is one of the promising techniques to
elicit software requirements, and it is natural to consider its application to security
requirements analysis. In this paper, we propose a method for goal-oriented security
requirements analysis using security knowledge derived from several security targets
(STs) compliant with Common Criteria (CC, ISO/IEC 15408). We call such knowledge
a security ontology for an application domain (SOAD). Three aspects of security, namely
confidentiality, integrity and availability, are included in the scope of our method because
the CC addresses these three aspects. We extract security-related concepts such as assets,
threats, countermeasures and their relationships from STs and utilize these concepts and
relationships for security goal elicitation and refinement in GORA. Using certified
STs as the knowledge source allows us to efficiently reuse security-related concepts of
higher quality. To realize our proposed method as a supporting tool, we combine an existing
method, GOORE (goal-oriented and ontology-driven requirements elicitation method),
with SOAD. In GOORE, terms and their relationships in a domain ontology
play an important role in semantic processing such as goal refinement and conflict identification.
SOAD is defined based on concepts in STs. In contrast with other goal-oriented
security requirements methods, the knowledge derived from actual STs contributes to
eliciting security requirements in our method. In addition, the relationships among the
assets, threats, objectives and security functional requirements can be directly reused for
the refinement of security goals. We present an illustrative example to show the usefulness
of our method and evaluate the method in comparison with other goal-oriented security
requirements analysis methods.