261,846 research outputs found

    Supporting the Discovery, Reuse, and Validation of Cybersecurity Requirements at the Early Stages of the Software Development Lifecycle

    The focus of this research is to develop an approach that enhances the elicitation and specification of reusable cybersecurity requirements. Cybersecurity has become a global concern as cyber-attacks are projected to cost damages totaling more than $10.5 trillion by 2025. Cybersecurity requirements are more challenging to elicit than other requirements because they are nonfunctional requirements that require cybersecurity expertise and knowledge of the proposed system. The goal of this research is to generate cybersecurity requirements based on knowledge acquired from requirements elicitation and analysis activities, to provide cybersecurity specifications without requiring the specialized knowledge of a cybersecurity expert, and to generate reusable cybersecurity requirements. The proposed approach can be an effective way to implement cybersecurity requirements at the earliest stages of the system development life cycle because the approach facilitates the identification of cybersecurity requirements throughout the requirements gathering stage. This is accomplished through the development of the Secure Development Ontology that maps cybersecurity features and the functional features descriptions in order to train a classification machine-learning model to return the suggested security requirements. The SD-SRE requirements engineering portal was created to support the application of this research by providing a platform to submit use case scenarios and requirements and suggest security requirements for the given system. The efficacy of this approach was tested with students in a graduate requirements engineering course. The students were presented with a system description and tasked with creating use case scenarios using the SD-SRE portal. The entered models were automatically analyzed by the SD-SRE system to suggest the security requirements. The results showed that the approach can be an effective approach to assist in the identification of security requirements.

    Goal-oriented design of value and process models from patterns

    This thesis defines a design framework and a method for modelling networked businesses. The intended application domain is electronic businesses that extensively use information and communication technology to coordinate work. The key property of the proposed approach is the reuse of design knowledge in the form of design patterns. Design patterns are extracted from models of existing electronic intermediaries considered successful. These businesses have been reverse-engineered to two types of models: economic value exchange models and business process models. The identified patterns comprise two libraries of value exchange and business process patterns, respectively. Patterns are catalogued with, among others, their context, solved problem, and proposed solution. Most importantly, they are annotated with a machine-readable capability model used as a search key in the library. Capability models are part of the goal-modelling technique for business requirements proposed here. Our goal-modelling technique operationalizes each business goal with a variable and an evaluation function: the evaluation function determines when a measured variable value satisfies the goal. A goal model represents requirements if goals are assigned evaluation functions but the variable values are unknown. In such a case, the goal model specifies what is desired to happen. If, on the other hand, variable values are known, the goal model documents the capabilities of a pattern. The proposed design framework structures the development process into: (1) available design knowledge in libraries of value and process patterns, (2) business requirements captured in a goal model, and (3) economic value and business process perspectives to look at a business system. The design method prescribes steps to transform patterns and requirements into a system specification. These include: (i) identification of relevant pattern based on matching capability and requirements goal models; (ii) synthesis of value and process patterns into value and process models, respectively; and (iii) consistency check procedure for value and process model. The usefulness of the approach is demonstrated in a real-life example, which shows that the framework and method exhibit a predefined set of desired properties.

    Tools for producing formal specifications : a view of current architectures and future directions

    During the last decade, one important contribution towards requirements engineering has been the advent of formal specification languages. They offer a well-defined notation that can improve consistency and avoid ambiguity in specifications. However, the process of obtaining formal specifications that are consistent with the requirements is itself a difficult activity. Hence various researchers are developing systems that aid the transition from informal to formal specifications. The kind of problems tackled and the contributions made by these proposed systems are very diverse. This paper brings these studies together to provide a vision for future architectures that aim to aid the transition from informal to formal specifications. The new architecture, which is based on the strengths of existing studies, tackles a number of key issues in requirements engineering such as identifying ambiguities, incompleteness, and reusability. The paper concludes with a discussion of the research problems that need to be addressed in order to realise the proposed architecture

    Requirements analysis of the VoD application using the tools in TRADE

    This report contains a specification of requirements for a video-on-demand (VoD) application developed at Belgacom, used as a trial application in the 2RARE project. The specification contains three parts: an informal specification in natural language; a semiformal specification consisting of a number of diagrams intended to illustrate the informal specification; and a formal specification that makes the requirements on the desired software system precise. The informal specification is structured in such a way that it resembles official specification documents conforming to standards such as that of IEEE or ESA. The semiformal specification uses some of the tools from a requirements engineering toolkit called TRADE (Toolkit for Requirements And Design Engineering). The purpose of TRADE is to combine the best ideas in current structured and object-oriented analysis and design methods within a traditional systems engineering framework. In the case of the VoD system, the systems engineering framework is useful because it provides techniques for allocation and flowdown of system functions to components. TRADE consists of semiformal techniques taken from structured and object-oriented analysis as well as a formal specification language, which provides constructs that correspond to the semiformal constructs. The formal specification used in TRADE is LCM (Language for Conceptual Modeling), which is a syntactically sugared version of order-sorted dynamic logic with equality. The purpose of this report is to illustrate and validate the TRADE/LCM approach in the specification of distributed, communication-intensive systems.

    Requirements Engineering: A Tube-Map.

    In this paper, a diagrammatic representation of the main processes occurring in Requirements Engineering has been introduced. Adopted style has been derived by the notorious London Tube Map: it allows practitioners, academics and all stakeholders to fully appreciate the complex set of iterations as they occur during any software development project. Some benefits have been discussed: non-technical stakeholders can be provided with a simple and yet effective tool to communicate among each other; requirements engineers and analysts can easily track their activities; academics can use the map for teaching purposes as well as to remind themselves what practical help they can provide against the expected outcomes RE community would look for. Potential developments of the map are its transformation into a system integrator, in order to facilitate practitioners in managing the fragmentation of the discipline; and the possibility of the map to become a virtual “gate” to any knowledge repository which emerges within any development project.

    Synthesis of behavioral models from scenarios

    No full text

    Early aspects: aspect-oriented requirements engineering and architecture design

    This paper reports on the third Early Aspects: Aspect-Oriented Requirements Engineering and Architecture Design Workshop, which was held in Lancaster, UK, on March 21, 2004. The workshop included a presentation session and working sessions in which the particular topics on early aspects were discussed. The primary goal of the workshop was to focus on challenges to defining methodical software development processes for aspects from early on in the software life cycle and explore the potential of proposed methods and techniques to scale up to industrial applications.

    Knowledge-based support in Non-Destructive Testing for health monitoring of aircraft structures

    Maintenance manuals include general methods and procedures for industrial maintenance and they contain information about principles of maintenance methods. Particularly, Non-Destructive Testing (NDT) methods are important for the detection of aeronautical defects and they can be used for various kinds of material and in different environments. Conventional non-destructive evaluation inspections are done at periodic maintenance checks. Usually, the list of tools used in a maintenance program is simply located in the introduction of manuals, without any precision as regards their characteristics, except for a short description of the manufacturer and tasks in which they are employed. Improving the identification concepts of the maintenance tools is needed to manage the set of equipment and establish a system of equivalence: it is necessary to have a consistent maintenance conceptualization, flexible enough to fit all current equipment, but also all those likely to be added/used in the future. Our contribution is related to the formal specification of the system of functional equivalences that can facilitate the maintenance activities with means to determine whether a tool can be substituted for another by observing their key parameters in the identified characteristics. Reasoning mechanisms of conceptual graphs constitute the baseline elements to measure the fit or unfit between an equipment model and a maintenance activity model. Graph operations are used for processing answers to a query and this graph-based approach to the search method is in-line with the logical view of information retrieval. The methodology described supports knowledge formalization and capitalization of experienced NDT practitioners. As a result, it enables the selection of an NDT technique and outlines its capabilities with acceptable alternatives.