Building problem domain ontology from security requirements in regulatory documents

Authors:
Seok-Won Lee;Robin Gandhi;Divya Muthurajan;Deepak Yavagal;Gail-Joon Ahn
Affiliations:
The University of North Carolina at Charlotte, Charlotte, NC;The University of North Carolina at Charlotte, Charlotte, NC;The University of North Carolina at Charlotte, Charlotte, NC;The University of North Carolina at Charlotte, Charlotte, NC;The University of North Carolina at Charlotte, Charlotte, NC
Venue:
Proceedings of the 2006 international workshop on Software engineering for secure systems
Year:
2006

Citing 13
Cited 9

OKBC: a programmatic foundation for knowledge base interoperability

AAAI '98/IAAI '98 Proceedings of the fifteenth national/tenth conference on Artificial intelligence/Innovative applications of artificial intelligence
Scenario-based requirements analysis

Requirements Engineering
Guiding Goal Modeling Using Scenarios

IEEE Transactions on Software Engineering
The meaning of requirements

Annals of Software Engineering
Goal-Oriented Requirements Engineering: A Guided Tour

RE '01 Proceedings of the Fifth IEEE International Symposium on Requirements Engineering
Ontology as a Requirements Engineering Product

RE '03 Proceedings of the 11th IEEE International Conference on Requirements Engineering
Designing information systems in social context: a goal and scenario modelling approach

Information Systems - Special issue: The 14th international conference on advanced information systems engineering (CAiSE*02)
Jena: implementing the semantic web recommendations

Proceedings of the 13th international World Wide Web conference on Alternate track papers & posters
Ontology based object-oriented domain modelling: fundamental concepts

Requirements Engineering
Establishing trustworthiness in services of the critical infrastructure through certification and accreditation

SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Analyzing Goal Semantics for Rights, Permissions, and Obligations

RE '05 Proceedings of the 13th IEEE International Conference on Requirements Engineering
Analyzing Government Regulations Using Structural and Domain Information

Computer
Ontology-based Active Requirements Engineering Framework

APSEC '05 Proceedings of the 12th Asia-Pacific Software Engineering Conference

Introduction to software engineering for secure systems: SESS06 -- secure by design

Proceedings of the 2006 international workshop on Software engineering for secure systems
Towards a Requirements-Driven Workbench for Supporting Software Certification and Accreditation

SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
An evaluation of business solutions in manufacturing enterprises

International Journal of Business Intelligence and Data Mining
An information security ontology incorporating human-behavioural implications

Proceedings of the 2nd international conference on Security of information and networks
A systematic review of security requirements engineering

Computer Standards & Interfaces
Basis for an integrated security ontology according to a systematic review of existing proposals

Computer Standards & Interfaces
An ontology-based approach for occupational health

Proceedings of the 15th WSEAS international conference on Computers
Towards HIPAA-compliant healthcare systems

Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
Ontology-based representation of reusable security requirements for developing secure web applications

International Journal of Internet Technology and Secured Transactions

Quantified Score

Hi-index	0.00

Visualization

Abstract

Establishing secure systems assurance based on Certification and Accreditation (C&A) activities, requires effective ways to understand the enforced security requirements, gather relevant evidences, perceive related risks in the operational environment, and reveal their causal relationships with other domain concepts. However, C&A security requirements are expressed in multiple regulatory documents with complex interdependencies at different levels of abstractions that often result in subjective interpretations and non-standard implementations. Their non-functional nature imposes complex constraints on the emergent behavior of software-intensive systems, making them hard to understand, predict, and control. To address these issues, we present novel techniques from software requirements engineering and knowledge engineering for systematically extracting, modeling, and analyzing security requirements and related concepts from multiple C&A-enforced regulatory documents. We employ advanced ontological engineering processes as our primary modeling technique to represent complex and diverse characteristics of C&A security requirements and related domain knowledge. We apply our methodology to build problem domain ontology from regulatory documents enforced by the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP).