Write a Blog >>
Mon 20 - Fri 24 September 2021
Fri 24 Sep 2021 08:30 - 09:00 at Golden Dome - Risk and Security Chair(s): Maya Daneva

Journal of Systems and Software 2020

Socio-technical systems (STS) are inherently complex due to the heterogeneity of its intertwined components. Therefore, ensuring STS security continues to pose significant challenges. Persistent security issues in STS are extremely critical to address as threats to security can affect entire enterprises, resulting in significant recovery costs. A profound understanding of the problems across multiple dimensions of STS is the key in addressing such security issues. However, we lack a systematic acquisition of the scattered knowledge related to design, development, and execution of STS. In this work, we methodologically analyze security issues from a requirements engineering perspective. We propose a cognitive three-layered framework integrating various modeling methodologies and knowledge sources related to security. This framework helps in understanding essential components of security and making recommendations of security requirements regarding threat analyses and risk assessments using Problem Domain Ontology (PDO) knowledge base. We also provide tool support for our framework. With the goal-oriented security reference model, we demonstrate how security requirements are recommended based on PDO, with the help of the tool. The organized acquisition of knowledge from SME groups and the domain working group provides rich context of security requirements, and also enhances the re-usability of the knowledge set.

Fri 24 Sep

Displayed time zone: Eastern Time (US & Canada) change

08:00 - 09:20
Towards the Integration of Cybersecurity Risk Assessment into Model-based Requirements EngineeringIndustrial Innovation Paper
Industrial Innovation Papers
Douraïd Naouar Chaire de Cyberdéfense des Systèmes Navals, Lab-STICC, Jamal EL HACHEM IRISA – UMR 6074, Univ. Bretagne-Sud, Yvon Kermarrec UMR CNRS - 6285, Lab-STICC, Jean-Luc Voirin Thales Airborne Systems, Jacques Foisil Thales Airborne Systems
Understanding and recommending security requirements from problem domain ontology: A cognitive three-layered approachJ1
Bong-Jae Kim , Seok-Won Lee Ajou University
Link to publication DOI
Combining risk and variability modelling for requirements analysis in SAS engineeringRE@Next
RE@Next! Papers
Denisse Muñante SAMOVAR, Télécom SudParis, Institut Polytechnique de Paris, Anna Perini Fondazione Bruno Kessler, Fitsum Kifetew Fondazione Bruno Kessler, Angelo Susi Fondazione Bruno Kessler