Model the System from Adversary Viewpoint: Threats Identification and Modeling
Security attacks are hard to understand, often expressed with unfriendly and
limited details, making it difficult for security experts and for security
analysts to create intelligible security specifications. It is difficult, for
instance, to explain Why (attack objective), What (i.e., system assets, goals, etc.), and
How (attack method) an adversary achieved his attack goals. We introduce in this
paper a security attack meta-model for our SysML-Sec framework, developed to
improve the threat identification and modeling through the explicit
representation of security concerns with knowledge representation techniques.
Our proposed meta-model enables the specification of these concerns through
ontological concepts which define the semantics of the security artifacts and
introduced using SysML-Sec diagrams. This meta-model also enables representing
the relationships that tie several such concepts together. This representation
is then used for reasoning about the knowledge introduced by system designers
as well as security experts through the graphical environment of the SysML-Sec
framework. Comment: In Proceedings AIDP 2014, arXiv:1410.322
Towards a Semantic-based Approach for Modeling Regulatory Documents in Building Industry
Regulations in the Building Industry are becoming increasingly complex and
involve more than one technical area. They cover products, components and
project implementation. They also play an important role to ensure the quality
of a building, and to minimize its environmental impact. In this paper, we are
particularly interested in the modeling of the regulatory constraints derived
from the Technical Guides issued by CSTB and used to validate Technical
Assessments. We first describe our approach for modeling regulatory constraints
in the SBVR language, and formalizing them in the SPARQL language. Second, we
describe how we model the processes of compliance checking described in the
CSTB Technical Guides. Third, we show how we implement these processes to
assist industrials in drafting Technical Documents in order to acquire a
Technical Assessment; a compliance report is automatically generated to explain
the compliance or noncompliance of these Technical Documents.
Revisiting the Core Ontology and Problem in Requirements Engineering
In their seminal paper in the ACM Transactions on Software Engineering and
Methodology, Zave and Jackson established a core ontology for Requirements
Engineering (RE) and used it to formulate the "requirements problem", thereby
defining what it means to successfully complete RE. Given that stakeholders of
the system-to-be communicate the information needed to perform RE, we show that
Zave and Jackson's ontology is incomplete. It does not cover all types of basic
concerns that the stakeholders communicate. These include beliefs, desires,
intentions, and attitudes. In response, we propose a core ontology that covers
these concerns and is grounded in sound conceptual foundations resting on a
foundational ontology. The new core ontology for RE leads to a new formulation
of the requirements problem that extends Zave and Jackson's formulation. We
thereby establish new standards for what minimum information should be
represented in RE languages and new criteria for determining whether RE has
been successfully completed. Comment: Appears in the proceedings of the 16th IEEE International
Requirements Engineering Conference, 2008 (RE'08). Best paper awar
A Systematic Classification and Analysis of NFRs
The main agenda of Requirements Engineering (RE) is the development of tools, techniques and languages for the elicitation, specification, negotiation, and validation of software requirements. However, this development has traditionally been focused on functional requirements (FRs), rather than non-functional requirements (NFRs). Consequently, NFR approaches developed over the years have been fragmental and there is a lack of clear understanding of the positions of these approaches in the RE process. This paper provides a systematic classification and analysis of 89 NFR approaches
Towards a new generation of security requirements definition methodology using ontologies
In recent years, security in Information Systems (IS) has become an important issue, and needs to be taken into account in all stages of IS development, including the early phase of Requirement Engineering (RE). Recent studies proposed some useful approaches for security requirements definition but analysts still suffer from a considerable lack of knowledge about security and domain field. Ontologies are known to be wide sources of knowledge. We propose in this research to include ontologies into the requirements engineering process. Ontologies are factors in achieving success in requirements elicitation of high quality.
Useful shortcuts: Using design heuristics for consent and permission in smart home devices
Prior research in smart home privacy highlights significant issues with how users understand, permit, and consent to data use. Some of the underlying issues point to unclear data protection regulations, lack of design principles, and dark patterns. In this paper, we explore heuristics (also called “mental shortcuts” or “rules of thumb”) as a means to address security and privacy design challenges in smart homes. First, we systematically analyze an existing body of data on smart homes to derive a set of heuristics for the design of consent and permission. Second, we apply these heuristics in four participatory co-design workshops (n = 14) and report on their use. Third, we analyze the use of the heuristics through thematic analysis highlighting heuristic application, purpose, and effectiveness in successful and unsuccessful design outcomes. We conclude with a discussion of the wider challenges, opportunities, and future work for improving design practices for consent in smart homes