A Tool-based Semantic Framework for Security Requirements Specification
Olawande Daramola (Covenant University, Nigeria)
Guttorm Sindre (Norwegian University of Science and Technology (NTNU), Norway)
Thomas Moser (Vienna University of Technology, Austria)
Abstract: Attaining high quality in security requirements specification requires first-rate professional expertise, which is scarce. In fact, most organisations do not include core security experts in their software team. This scenario motivates the need for adequate tool support for security requirements specification so that the human requirements analyst can be assisted to specify security requirements of acceptable quality with minimum effort. This paper presents a tool-based semantic framework that uses ontology and requirements boilerplates to facilitate the formulation and specification of security requirements. A two-phased evaluation of the semantic framework suggests that it is usable, leads to reduction of effort, aids the quick discovery of hidden security threats, and improves the quality of security requirements.
Keywords: information extraction, misuse cases, ontology, requirements boilerplates, security requirements, security threat
Categories: D.2.1, M.4, M.8