Modeling Security Requirements: Extending SysML with Security Requirements Engineering Concepts

Ilham Maskani; Jaouad Boutahar; Souha�L El Ghazi El Houssa�Ni

Research Article

Modeling Security Requirements: Extending SysML with Security Requirements Engineering Concepts

by Ilham Maskani, Jaouad Boutahar, Souha�L El Ghazi El Houssa�Ni

International Journal of Applied Information Systems

Foundation of Computer Science (FCS), NY, USA

Volume 12 - Issue 9

Published: Dec 2017

Authors: Ilham Maskani, Jaouad Boutahar, Souha�L El Ghazi El Houssa�Ni

10.5120/ijais2017451731

PDF

Ilham Maskani, Jaouad Boutahar, Souha�L El Ghazi El Houssa�Ni . Modeling Security Requirements: Extending SysML with Security Requirements Engineering Concepts. International Journal of Applied Information Systems. 12, 9 (Dec 2017), 30-36. DOI=10.5120/ijais2017451731

                        @article{ 10.5120/ijais2017451731,
                        author  = { Ilham Maskani,Jaouad Boutahar,Souha�L El Ghazi El Houssa�Ni },
                        title   = { Modeling Security Requirements: Extending SysML with Security Requirements Engineering Concepts },
                        journal = { International Journal of Applied Information Systems },
                        year    = { 2017 },
                        volume  = { 12 },
                        number  = { 9 },
                        pages   = { 30-36 },
                        doi     = { 10.5120/ijais2017451731 },
                        publisher = { Foundation of Computer Science (FCS), NY, USA }
                        }

                        %0 Journal Article
                        %D 2017
                        %A Ilham Maskani
                        %A Jaouad Boutahar
                        %A Souha�L El Ghazi El Houssa�Ni
                        %T Modeling Security Requirements: Extending SysML with Security Requirements Engineering Concepts%T 
                        %J International Journal of Applied Information Systems
                        %V 12
                        %N 9
                        %P 30-36
                        %R 10.5120/ijais2017451731
                        %I Foundation of Computer Science (FCS), NY, USA

Abstract

In Security Requirements Engineering, many approaches offer different ways to model security requirements. This paper presents a model that can be used in conjunction with any of the former approaches. The model is an extension of SysML requirements diagrams that adds concepts from Security Requirements Engineering: Stakeholder, Goal, Asset and Risk. The proposed model is illustrated by applying it to a telemedicine system.

References

I. Maskani, J. Boutahar, and S. EL Ghazi El Houssaïni, 2016, “Analysis of Security Requirements Engineering?: Towards a Comprehensive Approach,” IJACSA Int. J. Adv. Comput. Sci. Appl., vol. 7, no. 11, pp. 39–45, Nov. 2016.
“What is SysML? | OMG SysML.” [Online]. Available: http://www.omgsysml.org/what-is-sysml.htm. [Accessed: 14-Nov-2017].
“About the OMG System Modeling Language Specification Version 1.5.” [Online]. Available: http://www.omg.org/spec/SysML/1.5/. [Accessed: 14-Nov-2017].
“ISO/IEC 19514:2017 - Information technology -- Object management group systems modeling language (OMG SysML).” [Online]. Available: https://www.iso.org/standard/65231.html. [Accessed: 14-Nov-2017].
A. Van Lamsweerde and E. Letier, 2004, “From object orientation to goal orientation: A paradigm shift for requirements engineering,” in Radical Innovations of Software and Systems Engineering in the Future, Springer, 2004, pp. 325–340.
“i* Intentional STrategic Actor Relationships modelling - istar.” [Online]. Available: http://www.cs.toronto.edu/km/istar/. [Accessed: 30-Oct-2017].
“Tropos |.” [Online]. Available: http://www.troposproject.eu/. [Accessed: 09-Nov-2017].
“GRL.” [Online]. Available: http://www.cs.toronto.edu/km/GRL/. [Accessed: 09-Nov-2017].
“Z.151 : User Requirements Notation (URN) - Language definition.” [Online]. Available: https://www.itu.int/rec/T-REC-Z.151-201210-I/en. [Accessed: 09-Nov-2017].
N. A. Qureshi, I. J. Jureta, and A. Perini, 2012, “Towards a Requirements Modeling Language for Self-Adaptive Systems,” in Requirements Engineering: Foundation for Software Quality, 2012, pp. 263–279.
“ISO/IEC 27000:2016 - Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary,” ISO. [Online]. Available: http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=66435. [Accessed: 20-Oct-2016].
Mead N, Hough E, Stehney T , 2005, Security quality requirements engineering (SQUARE) methodology. Carnegie Mellon Software Engineering Institute, Technical report CMU/SEI-2005-TR-009.
S. F. Gürses and T. Santen, 2006, “Contextualizing Security Goals: A Method for Multilateral Security Requirements Elicitation.,” in ResearchGate, 2006, pp. 42–53.
C. B. Haley, R. Laney, J. D. Moffett, and B. Nuseibeh, 2008, “Security Requirements Engineering: A Framework for Representation and Analysis,” IEEE Trans. Softw. Eng., vol. 34, no. 1, pp. 133–153, Jan. 2008.
A. Zuccato, 2007, “Holistic security management framework applied in electronic commerce,” Comput. Secur., vol. 26, no. 3, pp. 256–265, May 2007.
A. van Lamsweerde, 2004, “Elaborating Security Requirements by Construction of Intentional Anti-Models,” in Proceedings of the 26th International Conference on Software Engineering, Washington, DC, USA, 2004, pp. 148–157.
P. Giorgini, F. Massacci, J. Mylopoulos, and N. Zannone, 2006, “Requirements engineering for trust management: model, methodology, and reasoning,” Int. J. Inf. Secur., vol. 5, no. 4, pp. 257–274, Aug. 2006.
E. Paja, F. Dalpiaz, and P. Giorgini, 2015, “Modelling and reasoning about security requirements in socio-technical systems,” Data Knowl. Eng., vol. 98, pp. 123–143, Jul. 2015.
D. Mellado, E. Fernández-Medina, and M. Piattini, 2007, “A common criteria based security requirements engineering process for the development of secure information systems,” Comput. Stand. Interfaces, vol. 29, no. 2, pp. 244–253, Feb. 2007.
J. Jurjens, 2010, Secure Systems Development with UML. Berlin, Heidelberg: Springer-Verlag, 2010.
P.Salini and S. Kanmani, 2012, “Security Requirements Engineering Process for Web Applications,” Procedia Eng., vol. 38, pp. 2799–2807, 2012.
T. Lodderstedt, D. Basin, and J. Doser, 2002, “SecureUML: A UML-based modeling language for model-driven security,” «UML» 2002— Unified Model. Lang., pp. 426–441, 2002.
T. M. Hale and J. C. Kvedar, 2014, “Privacy and Security Concerns in Telehealth,” Virtual Mentor, vol. 16, no. 12, p. 981, Jan. 2014.
V. Garg and J. Brewer, 2011, “Telemedicine Security: A Systematic Review,” J. Diabetes Sci. Technol., vol. 5, no. 3, p. 768, May 2011.
R. Laleau, F. Semmak, A. Matoussi, D. Petit, A. Hammad, and B. Tatibouet, 2010, “A first attempt to combine SysML requirements diagrams and B,” Innov. Syst. Softw. Eng., vol. 6, no. 1–2, pp. 47–54, Mar. 2010.
L. Apvrille and Y. Roudier, 2013, “SysML-Sec: A SysML environment for the design and development of secure embedded systems,” APCOSEC Asia-Pac. Counc. Syst. Eng., pp. 8–11, 2013.

Index Terms

Computer Science

Information Sciences

No index terms available.

Keywords

Requirements modeling; Security Requirements Engineering; SysML Extension