Google scholar arxiv informatics ads IJAIS publications are indexed with Google Scholar, NASA ADS, Informatics et. al.

Call for Paper

-

March Edition 2023
International Journal of Applied Information Systems solicits high quality original research papers for the March 2023 Edition of the journal. The last date of research paper submission is February 15, 2023.

Modeling Security Requirements: Extending SysML with Security Requirements Engineering Concepts

Ilham Maskani, Jaouad Boutahar, Souhaïl El Ghazi El Houssaïni Published in Security

International Journal of Applied Information Systems
Year of Publication: 2017
Publisher: Foundation of Computer Science (FCS), NY, USA
Series: Volume 12 Number 9
Authors:Ilham Maskani, Jaouad Boutahar, Souhaïl El Ghazi El Houssaïni
10.5120/ijais2017451731
Download full text

  1. Ilham Maskani, Jaouad Boutahar and Souhal El Ghazi El Houssani. Modeling Security Requirements: Extending SysML with Security Requirements Engineering Concepts. International Journal of Applied Information Systems 12(9):30-36, December 2017. URL, DOI BibTeX

    @article{10.5120/ijais2017451731,
	author = "Ilham Maskani and Jaouad Boutahar and Souhal El Ghazi El Houssani",
	title = "Modeling Security Requirements: Extending SysML with Security Requirements Engineering Concepts",
	journal = "International Journal of Applied Information Systems",
	issue_date = "December 2017",
	volume = 12,
	number = 9,
	month = "Dec",
	year = 2017,
	issn = "2249-0868",
	pages = "30-36",
	url = "http://www.ijais.org/archives/volume12/number9/1016-2017451731",
	doi = "10.5120/ijais2017451731",
	publisher = "Foundation of Computer Science (FCS), NY, USA",
	address = "New York, USA"
}

Abstract

In Security Requirements Engineering, many approaches offer different ways to model security requirements. This paper presents a model that can be used in conjunction with any of the former approaches. The model is an extension of SysML requirements diagrams that adds concepts from Security Requirements Engineering: Stakeholder, Goal, Asset and Risk. The proposed model is illustrated by applying it to a telemedicine system.

Reference

  1. I. Maskani, J. Boutahar, and S. EL Ghazi El Houssaïni, 2016, “Analysis of Security Requirements Engineering?: Towards a Comprehensive Approach,” IJACSA Int. J. Adv. Comput. Sci. Appl., vol. 7, no. 11, pp. 39–45, Nov. 2016.
  2. “What is SysML? | OMG SysML.” [Online]. Available: http://www.omgsysml.org/what-is-sysml.htm. [Accessed: 14-Nov-2017].
  3. “About the OMG System Modeling Language Specification Version 1.5.” [Online]. Available: http://www.omg.org/spec/SysML/1.5/. [Accessed: 14-Nov-2017].
  4. “ISO/IEC 19514:2017 - Information technology -- Object management group systems modeling language (OMG SysML).” [Online]. Available: https://www.iso.org/standard/65231.html. [Accessed: 14-Nov-2017].
  5. A. Van Lamsweerde and E. Letier, 2004, “From object orientation to goal orientation: A paradigm shift for requirements engineering,” in Radical Innovations of Software and Systems Engineering in the Future, Springer, 2004, pp. 325–340.
  6. “i* Intentional STrategic Actor Relationships modelling - istar.” [Online]. Available: http://www.cs.toronto.edu/km/istar/. [Accessed: 30-Oct-2017].
  7. “Tropos |.” [Online]. Available: http://www.troposproject.eu/. [Accessed: 09-Nov-2017].
  8. “GRL.” [Online]. Available: http://www.cs.toronto.edu/km/GRL/. [Accessed: 09-Nov-2017].
  9. “Z.151 : User Requirements Notation (URN) - Language definition.” [Online]. Available: https://www.itu.int/rec/T-REC-Z.151-201210-I/en. [Accessed: 09-Nov-2017].
  10. N. A. Qureshi, I. J. Jureta, and A. Perini, 2012, “Towards a Requirements Modeling Language for Self-Adaptive Systems,” in Requirements Engineering: Foundation for Software Quality, 2012, pp. 263–279.
  11. “ISO/IEC 27000:2016 - Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary,” ISO. [Online]. Available: http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=66435. [Accessed: 20-Oct-2016].
  12. Mead N, Hough E, Stehney T , 2005, Security quality requirements engineering (SQUARE) methodology. Carnegie Mellon Software Engineering Institute, Technical report CMU/SEI-2005-TR-009.
  13. S. F. Gürses and T. Santen, 2006, “Contextualizing Security Goals: A Method for Multilateral Security Requirements Elicitation.,” in ResearchGate, 2006, pp. 42–53.
  14. C. B. Haley, R. Laney, J. D. Moffett, and B. Nuseibeh, 2008, “Security Requirements Engineering: A Framework for Representation and Analysis,” IEEE Trans. Softw. Eng., vol. 34, no. 1, pp. 133–153, Jan. 2008.
  15. A. Zuccato, 2007, “Holistic security management framework applied in electronic commerce,” Comput. Secur., vol. 26, no. 3, pp. 256–265, May 2007.
  16. A. van Lamsweerde, 2004, “Elaborating Security Requirements by Construction of Intentional Anti-Models,” in Proceedings of the 26th International Conference on Software Engineering, Washington, DC, USA, 2004, pp. 148–157.
  17. P. Giorgini, F. Massacci, J. Mylopoulos, and N. Zannone, 2006, “Requirements engineering for trust management: model, methodology, and reasoning,” Int. J. Inf. Secur., vol. 5, no. 4, pp. 257–274, Aug. 2006.
  18. E. Paja, F. Dalpiaz, and P. Giorgini, 2015, “Modelling and reasoning about security requirements in socio-technical systems,” Data Knowl. Eng., vol. 98, pp. 123–143, Jul. 2015.
  19. D. Mellado, E. Fernández-Medina, and M. Piattini, 2007, “A common criteria based security requirements engineering process for the development of secure information systems,” Comput. Stand. Interfaces, vol. 29, no. 2, pp. 244–253, Feb. 2007.
  20. J. Jurjens, 2010, Secure Systems Development with UML. Berlin, Heidelberg: Springer-Verlag, 2010.
  21. P.Salini and S. Kanmani, 2012, “Security Requirements Engineering Process for Web Applications,” Procedia Eng., vol. 38, pp. 2799–2807, 2012.
  22. T. Lodderstedt, D. Basin, and J. Doser, 2002, “SecureUML: A UML-based modeling language for model-driven security,” «UML» 2002— Unified Model. Lang., pp. 426–441, 2002.
  23. T. M. Hale and J. C. Kvedar, 2014, “Privacy and Security Concerns in Telehealth,” Virtual Mentor, vol. 16, no. 12, p. 981, Jan. 2014.
  24. V. Garg and J. Brewer, 2011, “Telemedicine Security: A Systematic Review,” J. Diabetes Sci. Technol., vol. 5, no. 3, p. 768, May 2011.
  25. R. Laleau, F. Semmak, A. Matoussi, D. Petit, A. Hammad, and B. Tatibouet, 2010, “A first attempt to combine SysML requirements diagrams and B,” Innov. Syst. Softw. Eng., vol. 6, no. 1–2, pp. 47–54, Mar. 2010.
  26. L. Apvrille and Y. Roudier, 2013, “SysML-Sec: A SysML environment for the design and development of secure embedded systems,” APCOSEC Asia-Pac. Counc. Syst. Eng., pp. 8–11, 2013.

Keywords

Requirements modeling; Security Requirements Engineering; SysML Extension