Towards Eliciting and Analyzing Security Requirements Using Ontologies through Use Case Scenarios (Work-in-Progress)

Abstract

As our reliance on large, complex and ubiquitous software system increases, so does the devastating consequences that a cyberattack can have to modern society. Building secure software systems requires a greater need for secure software engineering approaches that can detect and address security vulnerabilities at the earliest stages of the software development life cycle. This paper presents an approach to facilitate the elicitation of cybersecurity requirements based on enhancing the widely adopted technique of use case modeling by incorporating the use of an ontology. The ontology will model the semantic relationship of cybersecurity requirements. Utilizing this ontology, we propose an approach that can be used to reuse and share cybersecurity requirements, providing a potential for the rapid discovery and correction of software vulnerabilities in the development process.