Contextualisation of Data Flow Diagrams for security analysis

Data flow diagrams (DFDs) are popular for sketching systems for subsequent threat modelling. Their limited semantics make reasoning about them difficult, but enriching them endangers their simplicity and subsequent ease of take up. We present an approach for reasoning about tainted data flows in design-level DFDs by putting them in context with other complementary usability and requirements models. We illustrate our approach using a pilot study, where tainted data flows were identified without any augmentations to either the DFD or its complementary models

Adapting Secure Tropos for Security Risk Management during Early Phases of the Information Systems Development

Security is a major target for today’s information systems (IS) designers. Security modelling languages exist to reason on security in the early phases of IS development, when the most crucial design decisions are made. Reasoning on security involves analysing risk, and effectively communicating risk-related information. However, we think that current languages can be improved in this respect. In this paper, we discuss this issue for Secure Tropos, the language supporting the eponymous agent-based IS development. We analyse it and suggest improvements in the light of an existing reference model for IS security risk management. This allows for checking Secure Tropos concepts and terminology against those of current risk management standards, thereby improving the conceptual appropriateness of the language. The paper follows a running example, called eSAP, located in the healthcare domain

Increasing the semantic transparency of the KAOS goal model concrete syntax

FCT-MCTES SFRH/BD/108492/2015Stakeholders without formal training in requirements modelling languages, such as KAOS, struggle to understand requirements specifications. The lack of semantic transparency of the KAOS goal model concrete syntax is perceived as a communication barrier between stakeholders and requirements engineers. We report on a series of related empirical experiments that include the proposal of alternative concrete syntaxes for KAOS by leveraging design contributions from novices and their evaluation with respect to semantic transparency, in contrast with the standard KAOS goal model concrete syntax. We propose an alternative concrete syntax for KAOS that increases its semantic transparency (mean difference of.23, in [−1.00.1.00]) leading to a significantly higher correct symbol identification (mean difference of 19%) by novices. These results may be a stepping stone for reducing the communication gap between stakeholders and requirements engineers.preprintpublishe

Anatomy of the Unified Enterprise Modelling Ontology

Part 2: Full PapersInternational audienceThe Unified Enterprise Modelling Language (UEML) aims to become a hub for integrated use of enterprise and information systems (IS) models expressed using different languages. A central part of this hub is an extendible ontology into which modelling languages and their constructs can be mapped, so that precise semantic relations between the languages and constructs can be established by comparing their ontology mappings. The paper presents and discusses ongoing work on reformulating the UEML ontology as an OWL2 DL ontology, the Unified Enterprise Modelling Ontology (UEMO)

Evaluating the Effects of Different Requirements Representations on Writing Test Cases

Context and MotivationOne must test a system to ensure that the requirements are met, thus, tests are often derived manually from requirements. However, requirements representations are diverse; from traditional IEEE-style text, to models, to agile user stories, the RE community of research and practice has explored various ways to capture requirements. Question/problemBut, do these different representations influence the quality or coverage of test suites? The state-of-the-art does not provide insights on whether or not the representation of requirements has an impact on the coverage, quality, or size of the resulting test suite. ResultsIn this paper, we report on a family of three experiment replications conducted with 148 students which examines the effect of different requirements representations on test creation. We find that, in general, the different requirements representations have no statistically significant impact on the number of derived tests, but specific affordances of the representation effect test quality, e.g., traditional textual requirements make it easier to derive less abstract tests, whereas goal models yield less inconsistent test purpose descriptions. ContributionOur findings give insights on the effects of requirements representation on test derivation for novice testers. Our work is limited in the use of students

A modeling ontology for integrating vulnerabilities into security requirements conceptual foundations

Abstract. Vulnerabilities are weaknesses in the requirements, design, and implementation, which attackers exploit to compromise the system. This paper proposes a vulnerability-centric modeling ontology, which aims to integrate empirical knowledge of vulnerabilities into the system development process. In particular, we identify the basic concepts for modeling and analyzing vulnerabilities and their effects on the system. These concepts drive the definition of criteria that make it possible to compare and evaluate security frameworks based on vulnerabilities. We show how the proposed modeling ontology can be adopted in various conceptual modeling frameworks through examples.