Using the AMAN-DA method to generate security requirements: a case study in the maritime domain

摘要

Security requirements are known to be "the most difficult of requirements types" and potentially the ones causing the greatest risk if they are not correct. One approach to requirements elicitation is based on the reuse of explicit knowledge. AMAN-DA is a requirement elicitation method that reuses encapsulated knowledge in security and domain ontologies to produce security requirements specifications. The main research question addressed in this paper is to what extent is AMAN-DA able to generate domain-specific security requirements? Following a well-documented process, a case study related to the maritime domain was undertaken with the goal to demonstrate the utility and effectiveness of AMAN-DA for the elicitation and analysis of domain-specific security requirements. The usefulness of the method was also evaluated with a group of 12 experts. The paper demonstrates the elicitation of domain-specific security requirements by presenting the AMAN-DA method and its application. It describes the evaluation and reports some significant results and their implications for practice and future research, especially for the field of knowledge reuse in requirements engineering.