An Ontology Based Collaborative Recommender System for Security Requirements Elicitation

Abstract

Security requirements elicitation is considered a "wicked" problem. Open issues such as determining relevant set of secure requirements, uncertainty and poor decision-making by developers deserves the needed attention. Ontologies and recommender systems have been used in the requirements elicitation. The goals of this dissertation are to 1) develop an ontology-based collaborative recommender system to help with security requirements elicitation and conduct a system performance evaluation and 2) conduct user-centric study of stakeholders using the recommender system. This system will help recommend CAPEC/CWE that should be considered in a given system to be built based on the use case description and so doing will reduce the workload of eliciting relevant security requirements. An analysis of the system performance and user-centric effects will be used to evaluate usefulness of the recommender system for developers.