Modelling Reusable Security Requirements based on an Ontology Framework

摘要

In recent years, security in Information Systems (IS) has become an important issue, and needs to be taken into account in all stages of IS development, including the early phase of Requirements Engineering (RE). Reuse of requirements improves the productivity and quality of software process and products. This can be facilitated by Semantic Web technologies. We describe an ontology-based framework for representing and reusing security requirements based on risk analysis. A risk analysis ontology and a requirement ontology have been developed and combined to represent reusable security requirements formally and to improve security in IS by detecting incompleteness and inconsistency and achieving semantic processing in requirements analysis. This extensible framework is the basis on which to elaborate a "lightweight" method to elicit and specify security requirements, based on security standards.