Towards an Ontological Approach to Information System Security and Safety Requirement Modeling and Reuse

  • Authors:
  • O. T. Arogundade; A. T. Akinwale; Z. Jin; X. G. Yang

  • Affiliations:
  • Laboratory of Management Decision and Information Systems, Academy of Mathematics and Systems Science, Chinese Academy of Sciences, Beijing, China; Department of Computer Science, Federal University of Agriculture, Abeokuta, Ogun State, Nigeria; School of Electronics Engineering and Computer Science, Peking University, Beijing, China; Laboratory of Management Decision and Information Systems, Academy of Mathematics and Systems Science, Chinese Academy of Sciences, Beijing, China

  • Venue:
  • Information Security Journal: A Global Perspective
  • Year:
  • 2012

Abstract

Misuse cases are currently used to identify safety and security threats and subsequently capture safety and security requirements. There is limited consensus on the precise meaning of the basic terminology used for use/misuse case concepts. This paper delves into the use of ontology for the formal representation of use-misuse case domain knowledge for eliciting safety and security requirements. We classify misuse cases into different categories to reflect different types of misusers. This will allow participants during the requirements engineering stage to have a common understanding of the problem domain. We enhanced the misuse case domain to include abusive misuse cases and vulnerable use cases in order to boost the elicitation of safety requirements. The proposed ontological approach will allow developers to share and reuse the knowledge represented in the ontology, thereby avoiding ambiguity and inconsistency in capturing safety and security requirements. The OWL Protégé 3.3.1 editor was used for the ontology coding. An illustration of the use of the ontology is given with examples from a health care information system.