Towards an Ontological Approach to Information System Security and Safety Requirement Modeling and Reuse

Authors

  • Oluwasefunmi 'Tale Arogundade
  • Adio T. Akinwale
  • Z. Jin
  • X. G. Yang
Abstract

DOI: 10.1080/19393555.2011.652290. O. T. Arogundade*, A. T. Akinwale, Z. Jin & X. G. Yang. Pages 137-149. Version of record first published: 14 May 2012. Article views: 66.

Misuse cases are currently used to identify safety and security threats and subsequently capture safety and security requirements. There is limited consensus on the precise meaning of the basic terminology used for use/misuse case concepts. This paper delves into the use of ontology for the formal representation of the use-misuse case domain knowledge for eliciting safety and security requirements. We classify misuse cases into different categories to reflect different types of misusers. This will allow participants during the requirement engineering stage to have a common understanding of the problem domain. We enhanced the misuse case domain to include abusive misuse case and vulnerable use case in order to boost the elicitation of safety requirements. The proposed ontological approach will allow developers to share and reuse the knowledge represented in the ontology, thereby avoiding ambiguity and inconsistency in capturing safety and security requirements. OWL protégé 3.3.1 editor was used for the ontology coding. An illustration of the use of the ontology is given with examples from the health care information system.

Source: Taylor & Francis Online, http://www.tandfonline.com/doi/abs/10.1080/19393555.2011.652290


Similar resources

Dwarf Frankenstein is still in your memory: tiny code reuse attacks

Code reuse attacks such as return oriented programming and jump oriented programming are the most popular exploitation methods among attackers. A large number of practical and non-practical defenses are proposed that differ in their overhead, the source code requirement, detection rate and implementation dependencies. However, a usual aspect among these methods is consideration of the common be...


Effectiveness of ontological security training on psychological safety and existential anxiety of elder people

Introduction: Old age is one of the most major periods of human life which, because of its nature and being close to the time of death, enhances deep questions about the existential identity of man, anxiety related to effacement and annihilation, meaningfulness, and feelings of unsafety, loneliness and seclusion in the minds of most elderly people. So this research has been done to review the effectiveness of ontolog...


Formal approach on modeling and predicting of software system security: Stochastic petri net

To evaluate and predict component-based software security, a two-dimensional model of software security is proposed by Stochastic Petri Net in this paper. In this approach, the software security is modeled by graphical presentation ability of Petri nets, and the quantitative prediction is provided by the evaluation capability of Stochastic Petri Net and the computing power of Markov chain. Each...


Privacy: An Ontological Problem

Approaches to addressing privacy issues tend to assume privacy is well understood and typically approach the problem from a security perspective. However, security is more concerned with safety than with privacy. Given the lack of satisfaction with advanced privacy-enhancing-technologies, we argue that an ontological framework is fundamental to advancing the capabilities of technology-enabled so...


Aggrandizing the beast's limbs: patulous code reuse attack on ARM architecture

Since smartphones are usually personal devices full of private information, they are a popular target for a vast variety of real-world attacks such as Code Reuse Attack (CRA). CRAs enable attackers to execute any arbitrary algorithm on a device without injecting an executable code. Since the standard platform for mobile devices is ARM architecture, we concentrate on available ARM-based CRAs. Cu...



Journal title:
  • Information Security Journal: A Global Perspective

Volume 21  Issue 

Pages  -

Publication date 2012