Establishing secure systems assurance based on Certification and Accreditation (C&A) activities requires effective ways to understand the enforced security requirements, gather relevant evidence, perceive related risks in the operational environment, and reveal their causal relationships with other domain concepts. However, C&A security requirements are expressed in multiple regulatory documents with complex interdependencies at different levels of abstraction, which often results in subjective interpretations and non-standard implementations. Their non-functional nature imposes complex constraints on the emergent behavior of software-intensive systems, making them hard to understand, predict, and control. To address these issues, we present novel techniques from software requirements engineering and knowledge engineering for systematically extracting, modeling, and analyzing security requirements and related concepts from multiple C&A-enforced regulatory documents. We employ advanced ontological engineering processes as our primary modeling technique to represent complex and diverse characteristics of C&A security requirements and related domain knowledge. We apply our methodology to build a problem domain ontology from regulatory documents enforced by the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP).