FESR: A framework for eliciting security requirements based on integration of common criteria and weakness detection formal model

Hongbo Li; Xiaohong Li; Jianye Hao; Guangquan Xu; Zhiyong Feng; Xiaofei Xie

doi:10.1109/QRS.2017.45

FESR: A framework for eliciting security requirements based on integration of common criteria and weakness detection formal model

Hongbo Li, Xiaohong Li, Jianye Hao, Guangquan Xu, Zhiyong Feng, Xiaofei Xie

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

10 Citations (Scopus)

Abstract

It is critical and foremost to come up with the corresponding security requirements first which the following implementations are based on. However, previous security requirement elicitation work based on Common Criteria (CC) rarely addresses the detailed elicitation process of threats from specific functional requirements, which thus results in the widen gap between specific functional requirements and their corresponding threats. To this end, this paper proposes a framework for eliciting corresponding security requirements of specific functional requirements from the requirements specification. A formal model is built in the framework to assist requirement analysts in half-automatic collecting threats. To enhance the framework's automaticity and reusability, a security property base is constructed based on authoritative sources of security properties to support the framework. A practical information system is applied to verify the framework's practicability. Finally the framework's advantages and limitations are discussed thoroughly compared with previous approaches and useful insights are revealed.

Original language	English
Title of host publication	Proceedings - 2017 IEEE International Conference on Software Quality, Reliability and Security, QRS 2017
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	352-363
Number of pages	12
ISBN (Electronic)	9781538605929
DOIs	https://doi.org/10.1109/QRS.2017.45
Publication status	Published - Aug 11 2017
Externally published	Yes
Event	17th IEEE International Conference on Software Quality, Reliability and Security, QRS 2017 - Prague, Czech Republic Duration: Jul 25 2017 → Jul 29 2017

Publication series

Name	Proceedings - 2017 IEEE International Conference on Software Quality, Reliability and Security, QRS 2017

Conference

Conference	17th IEEE International Conference on Software Quality, Reliability and Security, QRS 2017
Country/Territory	Czech Republic
City	Prague
Period	7/25/17 → 7/29/17

All Science Journal Classification (ASJC) codes

Software
Safety, Risk, Reliability and Quality

Access to Document

10.1109/QRS.2017.45

Cite this

Li, H., Li, X., Hao, J., Xu, G., Feng, Z., & Xie, X. (2017). FESR: A framework for eliciting security requirements based on integration of common criteria and weakness detection formal model. In Proceedings - 2017 IEEE International Conference on Software Quality, Reliability and Security, QRS 2017 (pp. 352-363). Article 8009939 (Proceedings - 2017 IEEE International Conference on Software Quality, Reliability and Security, QRS 2017). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/QRS.2017.45

FESR: A framework for eliciting security requirements based on integration of common criteria and weakness detection formal model. / Li, Hongbo; Li, Xiaohong; Hao, Jianye et al.
Proceedings - 2017 IEEE International Conference on Software Quality, Reliability and Security, QRS 2017. Institute of Electrical and Electronics Engineers Inc., 2017. p. 352-363 8009939 (Proceedings - 2017 IEEE International Conference on Software Quality, Reliability and Security, QRS 2017).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Li, H, Li, X, Hao, J, Xu, G, Feng, Z & Xie, X 2017, FESR: A framework for eliciting security requirements based on integration of common criteria and weakness detection formal model. in Proceedings - 2017 IEEE International Conference on Software Quality, Reliability and Security, QRS 2017., 8009939, Proceedings - 2017 IEEE International Conference on Software Quality, Reliability and Security, QRS 2017, Institute of Electrical and Electronics Engineers Inc., pp. 352-363, 17th IEEE International Conference on Software Quality, Reliability and Security, QRS 2017, Prague, Czech Republic, 7/25/17. https://doi.org/10.1109/QRS.2017.45

Li H, Li X, Hao J, Xu G, Feng Z, Xie X. FESR: A framework for eliciting security requirements based on integration of common criteria and weakness detection formal model. In Proceedings - 2017 IEEE International Conference on Software Quality, Reliability and Security, QRS 2017. Institute of Electrical and Electronics Engineers Inc. 2017. p. 352-363. 8009939. (Proceedings - 2017 IEEE International Conference on Software Quality, Reliability and Security, QRS 2017). doi: 10.1109/QRS.2017.45

Li, Hongbo ; Li, Xiaohong ; Hao, Jianye et al. / FESR : A framework for eliciting security requirements based on integration of common criteria and weakness detection formal model. Proceedings - 2017 IEEE International Conference on Software Quality, Reliability and Security, QRS 2017. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 352-363 (Proceedings - 2017 IEEE International Conference on Software Quality, Reliability and Security, QRS 2017).

@inproceedings{d7330038673c42e390eede12fb1fbb47,

title = "FESR: A framework for eliciting security requirements based on integration of common criteria and weakness detection formal model",

abstract = "It is critical and foremost to come up with the corresponding security requirements first which the following implementations are based on. However, previous security requirement elicitation work based on Common Criteria (CC) rarely addresses the detailed elicitation process of threats from specific functional requirements, which thus results in the widen gap between specific functional requirements and their corresponding threats. To this end, this paper proposes a framework for eliciting corresponding security requirements of specific functional requirements from the requirements specification. A formal model is built in the framework to assist requirement analysts in half-automatic collecting threats. To enhance the framework's automaticity and reusability, a security property base is constructed based on authoritative sources of security properties to support the framework. A practical information system is applied to verify the framework's practicability. Finally the framework's advantages and limitations are discussed thoroughly compared with previous approaches and useful insights are revealed.",

author = "Hongbo Li and Xiaohong Li and Jianye Hao and Guangquan Xu and Zhiyong Feng and Xiaofei Xie",

note = "Funding Information: ACKNOWLEDGMENT This work has partially been sponsored by the National Science Foundation of China (No. 61572349ˈ61272106). Publisher Copyright: {\textcopyright} 2017 IEEE.; 17th IEEE International Conference on Software Quality, Reliability and Security, QRS 2017 ; Conference date: 25-07-2017 Through 29-07-2017",

year = "2017",

month = aug,

day = "11",

doi = "10.1109/QRS.2017.45",

language = "English",

series = "Proceedings - 2017 IEEE International Conference on Software Quality, Reliability and Security, QRS 2017",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "352--363",

booktitle = "Proceedings - 2017 IEEE International Conference on Software Quality, Reliability and Security, QRS 2017",

address = "United States",

}

TY - GEN

T1 - FESR

T2 - 17th IEEE International Conference on Software Quality, Reliability and Security, QRS 2017

AU - Li, Hongbo

AU - Li, Xiaohong

AU - Hao, Jianye

AU - Xu, Guangquan

AU - Feng, Zhiyong

AU - Xie, Xiaofei

PY - 2017/8/11

Y1 - 2017/8/11

N2 - It is critical and foremost to come up with the corresponding security requirements first which the following implementations are based on. However, previous security requirement elicitation work based on Common Criteria (CC) rarely addresses the detailed elicitation process of threats from specific functional requirements, which thus results in the widen gap between specific functional requirements and their corresponding threats. To this end, this paper proposes a framework for eliciting corresponding security requirements of specific functional requirements from the requirements specification. A formal model is built in the framework to assist requirement analysts in half-automatic collecting threats. To enhance the framework's automaticity and reusability, a security property base is constructed based on authoritative sources of security properties to support the framework. A practical information system is applied to verify the framework's practicability. Finally the framework's advantages and limitations are discussed thoroughly compared with previous approaches and useful insights are revealed.

AB - It is critical and foremost to come up with the corresponding security requirements first which the following implementations are based on. However, previous security requirement elicitation work based on Common Criteria (CC) rarely addresses the detailed elicitation process of threats from specific functional requirements, which thus results in the widen gap between specific functional requirements and their corresponding threats. To this end, this paper proposes a framework for eliciting corresponding security requirements of specific functional requirements from the requirements specification. A formal model is built in the framework to assist requirement analysts in half-automatic collecting threats. To enhance the framework's automaticity and reusability, a security property base is constructed based on authoritative sources of security properties to support the framework. A practical information system is applied to verify the framework's practicability. Finally the framework's advantages and limitations are discussed thoroughly compared with previous approaches and useful insights are revealed.

UR - http://www.scopus.com/inward/record.url?scp=85029436904&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85029436904&partnerID=8YFLogxK

U2 - 10.1109/QRS.2017.45

DO - 10.1109/QRS.2017.45

M3 - Conference contribution

AN - SCOPUS:85029436904

T3 - Proceedings - 2017 IEEE International Conference on Software Quality, Reliability and Security, QRS 2017

SP - 352

EP - 363

BT - Proceedings - 2017 IEEE International Conference on Software Quality, Reliability and Security, QRS 2017

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 25 July 2017 through 29 July 2017

ER -

FESR: A framework for eliciting security requirements based on integration of common criteria and weakness detection formal model

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this