Ecole d'ingénieur et centre de recherche en Sciences du numérique

Improved security requirements engineering using knowledge representation

Roudier, Yves; Idrees, Muhammad Sabir; Apvrille, Ludovic

SAR-SSI 2014, 9ème Conférence sur la Sécurité des Architectures Réseaux et des Systèmes d'Information, May 13-16, 2014, Saint-Germain-Au-Mont-D'Or, France

We introduce in this paper a security meta-model for our SysML-Sec framework, developed to improve the security requirements engineering process through the explicit representation of security concerns with knowledge representation techniques. This meta-model enables the specification of ontological concepts which define the semantics of the security artifacts introduced through SysML-Sec diagrams. This meta-model also enables representing the relationships that tie several such concepts together. This representation is then used for reasoning about the knowledge introduced by system designers as well as security experts through the graphical environment of the SysML-Sec framework. In addition to its documentary aspect, such a meta-model makes it possible to introduce different types of verifications of security requirements and threats, and especially consistency checks regarding the content of all diagrams. We finally present a prototype that integrates meta-model descriptions into the SysML-Sec framework and its implementation using Semantic Web technologies.

Document Bibtex

Titre:Improved security requirements engineering using knowledge representation
Mots Clés:SysML, security, embedded systems, model driven engineering
Type:Conférence
Langue:English
Ville:Saint-Germain-Au-Mont-D'Or
Pays:FRANCE
Date:
Département:Sécurité numérique
Eurecom ref:4261
Copyright: © INRIA. Personal use of this material is permitted. The definitive version of this paper was published in SAR-SSI 2014, 9ème Conférence sur la Sécurité des Architectures Réseaux et des Systèmes d'Information, May 13-16, 2014, Saint-Germain-Au-Mont-D'Or, France and is available at :
Bibtex: @inproceedings{EURECOM+4261, year = {2014}, title = {{I}mproved security requirements engineering using knowledge representation}, author = {{R}oudier, {Y}ves and {I}drees, {M}uhammad {S}abir and {A}pvrille, {L}udovic}, booktitle = {{SAR}-{SSI} 2014, 9{\`e}me {C}onf{\'e}rence sur la {S}{\'e}curit{\'e} des {A}rchitectures {R}{\'e}seaux et des {S}yst{\`e}mes d'{I}nformation, {M}ay 13-16, 2014, {S}aint-{G}ermain-{A}u-{M}ont-{D}'{O}r, {F}rance}, address = {{S}aint-{G}ermain-{A}u-{M}ont-{D}'{O}r, {FRANCE}}, month = {05}, url = {http://www.eurecom.fr/publication/4261} }
Voir aussi: