
Maintaining requirements for long-living software systems by incorporating security knowledge

Research output: Chapter in book/report/conference proceeding › Conference contribution › Research › peer review

Authors

  • Stefan Gärtner
  • Thomas Ruhroth
  • Jens Bürger
  • Kurt Schneider
  • Jan Jürjens

Research Organisations

External Research Organisations

  • TU Dortmund University

Details

Original language: English
Title of host publication: 2014 IEEE 22nd International Requirements Engineering Conference, RE 2014 - Proceedings
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 103-112
Number of pages: 10
ISBN (electronic): 9781479930333
Publication status: Published - 26 Sept 2014
Event: 2014 IEEE 22nd International Requirements Engineering Conference, RE 2014 - Karlskrona, Sweden
Duration: 25 Aug 2014 to 29 Aug 2014

Publication series

Name: IEEE International Conference on Requirements Engineering Proceedings
ISSN (Print): 1090-705X

Abstract

Security is an increasingly important quality facet in modern information systems and needs to be retained. Due to a constantly changing environment, long-living software systems "age" not by wearing out, but by failing to keep up to date with their environment. The problem is that requirements engineers usually do not have a complete overview of the security-related knowledge necessary to retain the security of long-living software systems. This includes security standards, principles and guidelines as well as reported security incidents. In this paper, we focus on the identification of known vulnerabilities (and their variations) in natural-language requirements by leveraging security knowledge. For this purpose, we present an integrative security knowledge model and a heuristic method to detect vulnerabilities in requirements based on reported security incidents. To support knowledge evolution, we further propose a method based on natural language analysis to refine and adapt security knowledge. Our evaluation indicates that the proposed assessment approach detects vulnerable requirements more reliably than other methods (Bayes, SVM, k-NN). Thus, requirements engineers can react faster and more effectively to a changing environment that has an impact on the desired security level of the information system.

Keywords

    Heuristics, Knowledge carrying software, Requirements analysis, Security requirements, Software evolution


Cite this

Maintaining requirements for long-living software systems by incorporating security knowledge. / Gärtner, Stefan; Ruhroth, Thomas; Bürger, Jens et al.
2014 IEEE 22nd International Requirements Engineering Conference, RE 2014 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2014. p. 103-112 6912252 (IEEE International Conference on Requirements Engineering Proceedings).


Gärtner, S, Ruhroth, T, Bürger, J, Schneider, K & Jürjens, J 2014, Maintaining requirements for long-living software systems by incorporating security knowledge. in 2014 IEEE 22nd International Requirements Engineering Conference, RE 2014 - Proceedings., 6912252, IEEE International Conference on Requirements Engineering Proceedings, Institute of Electrical and Electronics Engineers Inc., pp. 103-112, 2014 IEEE 22nd International Requirements Engineering Conference, RE 2014, Karlskrona, Sweden, 25 Aug 2014. https://doi.org/10.1109/RE.2014.6912252
Gärtner, S., Ruhroth, T., Bürger, J., Schneider, K., & Jürjens, J. (2014). Maintaining requirements for long-living software systems by incorporating security knowledge. In 2014 IEEE 22nd International Requirements Engineering Conference, RE 2014 - Proceedings (pp. 103-112). Article 6912252 (IEEE International Conference on Requirements Engineering Proceedings). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/RE.2014.6912252
Gärtner S, Ruhroth T, Bürger J, Schneider K, Jürjens J. Maintaining requirements for long-living software systems by incorporating security knowledge. In 2014 IEEE 22nd International Requirements Engineering Conference, RE 2014 - Proceedings. Institute of Electrical and Electronics Engineers Inc. 2014. p. 103-112. 6912252. (IEEE International Conference on Requirements Engineering Proceedings). doi: 10.1109/RE.2014.6912252
Gärtner, Stefan ; Ruhroth, Thomas ; Bürger, Jens et al. / Maintaining requirements for long-living software systems by incorporating security knowledge. 2014 IEEE 22nd International Requirements Engineering Conference, RE 2014 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2014. pp. 103-112 (IEEE International Conference on Requirements Engineering Proceedings).
@inproceedings{ca2a399905d944dc89d91fbd63e048b3,
title = "Maintaining requirements for long-living software systems by incorporating security knowledge",
abstract = "Security is an increasingly important quality facet in modern information systems and needs to be retained. Due to a constantly changing environment, long-living software systems {"}age{"} not by wearing out, but by failing to keep up to date with their environment. The problem is that requirements engineers usually do not have a complete overview of the security-related knowledge necessary to retain the security of long-living software systems. This includes security standards, principles and guidelines as well as reported security incidents. In this paper, we focus on the identification of known vulnerabilities (and their variations) in natural-language requirements by leveraging security knowledge. For this purpose, we present an integrative security knowledge model and a heuristic method to detect vulnerabilities in requirements based on reported security incidents. To support knowledge evolution, we further propose a method based on natural language analysis to refine and adapt security knowledge. Our evaluation indicates that the proposed assessment approach detects vulnerable requirements more reliably than other methods (Bayes, SVM, k-NN). Thus, requirements engineers can react faster and more effectively to a changing environment that has an impact on the desired security level of the information system.",
keywords = "Heuristics, Knowledge carrying software, Requirements analysis, Security requirements, Software evolution",
author = "Stefan G{\"a}rtner and Thomas Ruhroth and Jens B{\"u}rger and Kurt Schneider and Jan J{\"u}rjens",
note = "Publisher Copyright: {\textcopyright} 2014 IEEE.; 2014 IEEE 22nd International Requirements Engineering Conference, RE 2014 ; Conference date: 25-08-2014 Through 29-08-2014",
year = "2014",
month = sep,
day = "26",
doi = "10.1109/RE.2014.6912252",
language = "English",
series = "IEEE International Conference on Requirements Engineering Proceedings",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "103--112",
booktitle = "2014 IEEE 22nd International Requirements Engineering Conference, RE 2014 - Proceedings",
address = "United States",

}


TY - GEN

T1 - Maintaining requirements for long-living software systems by incorporating security knowledge

AU - Gärtner, Stefan

AU - Ruhroth, Thomas

AU - Bürger, Jens

AU - Schneider, Kurt

AU - Jürjens, Jan

N1 - Publisher Copyright: © 2014 IEEE.

PY - 2014/9/26

Y1 - 2014/9/26

N2 - Security is an increasingly important quality facet in modern information systems and needs to be retained. Due to a constantly changing environment, long-living software systems "age" not by wearing out, but by failing to keep up to date with their environment. The problem is that requirements engineers usually do not have a complete overview of the security-related knowledge necessary to retain the security of long-living software systems. This includes security standards, principles and guidelines as well as reported security incidents. In this paper, we focus on the identification of known vulnerabilities (and their variations) in natural-language requirements by leveraging security knowledge. For this purpose, we present an integrative security knowledge model and a heuristic method to detect vulnerabilities in requirements based on reported security incidents. To support knowledge evolution, we further propose a method based on natural language analysis to refine and adapt security knowledge. Our evaluation indicates that the proposed assessment approach detects vulnerable requirements more reliably than other methods (Bayes, SVM, k-NN). Thus, requirements engineers can react faster and more effectively to a changing environment that has an impact on the desired security level of the information system.

AB - Security is an increasingly important quality facet in modern information systems and needs to be retained. Due to a constantly changing environment, long-living software systems "age" not by wearing out, but by failing to keep up to date with their environment. The problem is that requirements engineers usually do not have a complete overview of the security-related knowledge necessary to retain the security of long-living software systems. This includes security standards, principles and guidelines as well as reported security incidents. In this paper, we focus on the identification of known vulnerabilities (and their variations) in natural-language requirements by leveraging security knowledge. For this purpose, we present an integrative security knowledge model and a heuristic method to detect vulnerabilities in requirements based on reported security incidents. To support knowledge evolution, we further propose a method based on natural language analysis to refine and adapt security knowledge. Our evaluation indicates that the proposed assessment approach detects vulnerable requirements more reliably than other methods (Bayes, SVM, k-NN). Thus, requirements engineers can react faster and more effectively to a changing environment that has an impact on the desired security level of the information system.

KW - Heuristics

KW - Knowledge carrying software

KW - Requirements analysis

KW - Security requirements

KW - Software evolution

UR - http://www.scopus.com/inward/record.url?scp=84909967412&partnerID=8YFLogxK

U2 - 10.1109/RE.2014.6912252

DO - 10.1109/RE.2014.6912252

M3 - Conference contribution

AN - SCOPUS:84909967412

T3 - IEEE International Conference on Requirements Engineering Proceedings

SP - 103

EP - 112

BT - 2014 IEEE 22nd International Requirements Engineering Conference, RE 2014 - Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2014 IEEE 22nd International Requirements Engineering Conference, RE 2014

Y2 - 25 August 2014 through 29 August 2014

ER -
