Goal-oriented security requirements analysis for a system used in several different activities

Haruhiko Kaiya; Takao Okubo; Nobuyuki Kanaya; Yuji Suzuki; Shinpei Ogata; Kenji Kaijiri; Nobukazu Yoshioka

doi:10.1007/978-3-642-38490-5_43

Goal-oriented security requirements analysis for a system used in several different activities

Haruhiko Kaiya, Takao Okubo, Nobuyuki Kanaya, Yuji Suzuki, Shinpei Ogata, Kenji Kaijiri, Nobukazu Yoshioka

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

Abstract

Because an information system is used in different activities simultaneously today, we have to analyze usages of the system in the existing activities and to-be usages in an intended activity together. Especially, security aspects should be carefully analyzed because existing activities are not always secure. We propose a security requirements analysis method for resolving this problem. To take both existing and intended activities into account together, we integrate them on the basis of the unification of common actors. To explore possible attacks under integrated activities, we enumerate achievable attacks on the basis of the possible means in each actor with the help of security knowledge. To avoid or mitigate the attacks and to achieve fundamental goals, we disable some means or narrow down the means to be monitored with the help of propositional logic formulae. Through case studies on insurance business, we illustrated our idea.

Original language	English
Title of host publication	Advanced Information Systems Engineering Workshops - CAiSE 2013 International Workshops, Proceedings
Publisher	Springer Verlag
Pages	478-489
Number of pages	12
ISBN (Print)	9783642384899
DOIs	https://doi.org/10.1007/978-3-642-38490-5_43
Publication status	Published - 2013
Externally published	Yes
Event	25th Conference on Advanced Information Systems Engineering, CAiSE 2013 - Valencia, Spain Duration: 2013 Jun 17 → 2013 Jun 21

Publication series

Name	Lecture Notes in Business Information Processing
Volume	148 LNBIP
ISSN (Print)	1865-1348

Conference

Conference	25th Conference on Advanced Information Systems Engineering, CAiSE 2013
Country/Territory	Spain
City	Valencia
Period	13/6/17 → 13/6/21

Keywords

Goal-Oriented Requirements Analysis
Logic
Security Requirements Analysis
Strategic Dependency

ASJC Scopus subject areas

Management Information Systems
Control and Systems Engineering
Business and International Management
Information Systems
Modelling and Simulation
Information Systems and Management

Access to Document

10.1007/978-3-642-38490-5_43

Cite this

Kaiya, H., Okubo, T., Kanaya, N., Suzuki, Y., Ogata, S., Kaijiri, K., & Yoshioka, N. (2013). Goal-oriented security requirements analysis for a system used in several different activities. In Advanced Information Systems Engineering Workshops - CAiSE 2013 International Workshops, Proceedings (pp. 478-489). (Lecture Notes in Business Information Processing; Vol. 148 LNBIP). Springer Verlag. https://doi.org/10.1007/978-3-642-38490-5_43

Goal-oriented security requirements analysis for a system used in several different activities. / Kaiya, Haruhiko; Okubo, Takao; Kanaya, Nobuyuki et al.
Advanced Information Systems Engineering Workshops - CAiSE 2013 International Workshops, Proceedings. Springer Verlag, 2013. p. 478-489 (Lecture Notes in Business Information Processing; Vol. 148 LNBIP).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kaiya, H, Okubo, T, Kanaya, N, Suzuki, Y, Ogata, S, Kaijiri, K & Yoshioka, N 2013, Goal-oriented security requirements analysis for a system used in several different activities. in Advanced Information Systems Engineering Workshops - CAiSE 2013 International Workshops, Proceedings. Lecture Notes in Business Information Processing, vol. 148 LNBIP, Springer Verlag, pp. 478-489, 25th Conference on Advanced Information Systems Engineering, CAiSE 2013, Valencia, Spain, 13/6/17. https://doi.org/10.1007/978-3-642-38490-5_43

Kaiya H, Okubo T, Kanaya N, Suzuki Y, Ogata S, Kaijiri K et al. Goal-oriented security requirements analysis for a system used in several different activities. In Advanced Information Systems Engineering Workshops - CAiSE 2013 International Workshops, Proceedings. Springer Verlag. 2013. p. 478-489. (Lecture Notes in Business Information Processing). doi: 10.1007/978-3-642-38490-5_43

@inproceedings{011a3a89d9e449fc8a1174f3f8919bb0,

title = "Goal-oriented security requirements analysis for a system used in several different activities",

abstract = "Because an information system is used in different activities simultaneously today, we have to analyze usages of the system in the existing activities and to-be usages in an intended activity together. Especially, security aspects should be carefully analyzed because existing activities are not always secure. We propose a security requirements analysis method for resolving this problem. To take both existing and intended activities into account together, we integrate them on the basis of the unification of common actors. To explore possible attacks under integrated activities, we enumerate achievable attacks on the basis of the possible means in each actor with the help of security knowledge. To avoid or mitigate the attacks and to achieve fundamental goals, we disable some means or narrow down the means to be monitored with the help of propositional logic formulae. Through case studies on insurance business, we illustrated our idea.",

keywords = "Goal-Oriented Requirements Analysis, Logic, Security Requirements Analysis, Strategic Dependency",

author = "Haruhiko Kaiya and Takao Okubo and Nobuyuki Kanaya and Yuji Suzuki and Shinpei Ogata and Kenji Kaijiri and Nobukazu Yoshioka",

year = "2013",

doi = "10.1007/978-3-642-38490-5_43",

language = "English",

isbn = "9783642384899",

series = "Lecture Notes in Business Information Processing",

publisher = "Springer Verlag",

pages = "478--489",

booktitle = "Advanced Information Systems Engineering Workshops - CAiSE 2013 International Workshops, Proceedings",

note = "25th Conference on Advanced Information Systems Engineering, CAiSE 2013 ; Conference date: 17-06-2013 Through 21-06-2013",

}

TY - GEN

T1 - Goal-oriented security requirements analysis for a system used in several different activities

AU - Kaiya, Haruhiko

AU - Okubo, Takao

AU - Kanaya, Nobuyuki

AU - Suzuki, Yuji

AU - Ogata, Shinpei

AU - Kaijiri, Kenji

AU - Yoshioka, Nobukazu

PY - 2013

Y1 - 2013

N2 - Because an information system is used in different activities simultaneously today, we have to analyze usages of the system in the existing activities and to-be usages in an intended activity together. Especially, security aspects should be carefully analyzed because existing activities are not always secure. We propose a security requirements analysis method for resolving this problem. To take both existing and intended activities into account together, we integrate them on the basis of the unification of common actors. To explore possible attacks under integrated activities, we enumerate achievable attacks on the basis of the possible means in each actor with the help of security knowledge. To avoid or mitigate the attacks and to achieve fundamental goals, we disable some means or narrow down the means to be monitored with the help of propositional logic formulae. Through case studies on insurance business, we illustrated our idea.

AB - Because an information system is used in different activities simultaneously today, we have to analyze usages of the system in the existing activities and to-be usages in an intended activity together. Especially, security aspects should be carefully analyzed because existing activities are not always secure. We propose a security requirements analysis method for resolving this problem. To take both existing and intended activities into account together, we integrate them on the basis of the unification of common actors. To explore possible attacks under integrated activities, we enumerate achievable attacks on the basis of the possible means in each actor with the help of security knowledge. To avoid or mitigate the attacks and to achieve fundamental goals, we disable some means or narrow down the means to be monitored with the help of propositional logic formulae. Through case studies on insurance business, we illustrated our idea.

KW - Goal-Oriented Requirements Analysis

KW - Logic

KW - Security Requirements Analysis

KW - Strategic Dependency

UR - http://www.scopus.com/inward/record.url?scp=84879873991&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84879873991&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-38490-5_43

DO - 10.1007/978-3-642-38490-5_43

M3 - Conference contribution

AN - SCOPUS:84879873991

SN - 9783642384899

T3 - Lecture Notes in Business Information Processing

SP - 478

EP - 489

BT - Advanced Information Systems Engineering Workshops - CAiSE 2013 International Workshops, Proceedings

PB - Springer Verlag

T2 - 25th Conference on Advanced Information Systems Engineering, CAiSE 2013

Y2 - 17 June 2013 through 21 June 2013

ER -

Goal-oriented security requirements analysis for a system used in several different activities

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this