
Title: Enhancing Goal-Oriented Security Requirements Analysis Using Common Criteria-Based Knowledge
Author(s): Motoshi Saeki, Shinpei Hayashi, Haruhiko Kaiya.
Source: International Journal of Software Engineering and Knowledge Engineering (IJSEKE). World Scientific Publishing, Vol. 23, No. 05, pp. 695-720, Jun. 2013. DOI: 10.1142/S0218194013500174


Abstract:
Goal-oriented requirements analysis (GORA) is one of the promising techniques to elicit software requirements, and it is natural to consider its application to security requirements analysis. In this paper, we propose a method for goal-oriented security requirements analysis using security knowledge which is derived from several security targets (STs) compliant with Common Criteria (CC, ISO/IEC 15408). We call such knowledge a security ontology for an application domain (SOAD). Three aspects of security, namely confidentiality, integrity and availability, are included in the scope of our method because the CC addresses these three aspects. We extract security-related concepts such as assets, threats, countermeasures and their relationships from STs and utilize these concepts and relationships for security goal elicitation and refinement in GORA. The usage of certificated STs as a knowledge source allows us to efficiently reuse security-related concepts of higher quality. To realize our proposed method as a supporting tool, we use an existing method, GOORE (goal-oriented and ontology-driven requirements elicitation method), combined with SOAD. In GOORE, terms and their relationships in a domain ontology play an important role in semantic processing such as goal refinement and conflict identification. SOAD is defined based on concepts in STs. In contrast with other goal-oriented security requirements methods, the knowledge derived from actual STs contributes to eliciting security requirements in our method. In addition, the relationships among the assets, threats, objectives and security functional requirements can be directly reused for the refinement of security goals. We present an illustrative example to show the usefulness of our method and evaluate the method in comparison with other goal-oriented security requirements analysis methods.