Using the AMAN-DA method to generate security requirements: a case study in the maritime domain

Security requirements are known to be “the most difficult of requirements types” and potentially the ones causing the greatest risk if they are not correct. One approach to requirements elicitation is based on the reuse of explicit knowledge. AMAN-DA is a requirement elicitation method that reuses e...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Requirements engineering 2018-11, Vol.23 (4), p.557-580
Hauptverfasser: Souag, Amina, Mazo, Raúl, Salinesi, Camille, Comyn-Wattiau, Isabelle
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Security requirements are known to be “the most difficult of requirements types” and potentially the ones causing the greatest risk if they are not correct. One approach to requirements elicitation is based on the reuse of explicit knowledge. AMAN-DA is a requirement elicitation method that reuses encapsulated knowledge in security and domain ontologies to produce security requirements specifications. The main research question addressed in this paper is to what extent is AMAN-DA able to generate domain-specific security requirements? Following a well-documented process, a case study related to the maritime domain was undertaken with the goal to demonstrate the utility and effectiveness of AMAN-DA for the elicitation and analysis of domain-specific security requirements. The usefulness of the method was also evaluated with a group of 12 experts. The paper demonstrates the elicitation of domain-specific security requirements by presenting the AMAN-DA method and its application. It describes the evaluation and reports some significant results and their implications for practice and future research, especially for the field of knowledge reuse in requirements engineering.
ISSN:0947-3602
1432-010X
DOI:10.1007/s00766-017-0279-5