Pattern-based security requirements specification using ontologies and boilerplates

The task of specifying and managing security requirements (SR) is a challenging one. Usually SR are often neglected or considered too late - leading to poor design, and cost overruns. Also, there is scarce expertise in managing SR, because most requirements engineering teams do not include security experts, which leads to prevalence of too vague or overly specific SR. In this work, we present an ontology-based approach that uses predefined pattern-based templates - requirements boilerplates - to aid requirements engineers in the formulation of SR. We realized the approach via a prototype tool that enables the formulation of SR from textual misuse case (TMUC) descriptions of security threat scenarios. The results from a preliminary evaluation suggest the viability of the proposed approach, in that the tool was judged as easy to use, supports reuse, and facilitates the formulation of good quality SR

A conceptual framework for semantic case-based safety analysis

Hazard and Operability (HAZOP) Analysis and Failure Mode and Effect Analysis (FMEA) are among the most widely used safety analysis procedures in the development of safety-critical and embedded systems. These analyses are generally perceived as complex and time-consuming, hindering an effective reuse of previous results or experiences. In this paper we present a conceptual semantic case-based framework for safety analysis, which facilitates the reuse of previous HAZOP and FMEA experiences in order to reduce the time and effort associated with these analyses. We present the core technologies of the conceptual framework and evaluated a prototype of the framework, KROSA, in an experiment with domain experts at ABB Norway. Initial results confirm the viability of the conceptual framework for industrial applicatio