2014 IEEE 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE),
August 25, 2014,
Karlskrona, Sweden
Frontmatter
Preface
Welcome to the Evolving Security and Privacy Requirements Engineering (ESPRE) Workshop in Karlskrona, Sweden on the 25th of August 2014, co-located with the RE 2014 conference. The main focus of ESPRE is to bring together practitioners and researchers interested in security and privacy requirements. ESPRE probes the interfaces between requirements engineering and security & privacy, and takes the first step in evolving security and privacy requirements engineering to meet a range of needs of stakeholders ranging from business analysts and security engineers to technology entrepreneurs and privacy advocates.
ESPRE’s goal is to advance the scope of current research to consider novel approaches to the elicitation, analysis, and refinement of security and privacy requirements. In particular, ESPRE fosters new visions and novel applications of requirements engineering; leveraging expertise; establishing security standards; and fusing security design, implementation, and validation stages into requirements engineering. Interdisciplinary work is encouraged to investigate possibilities for aligning language and methodologies of other disciplines (e.g., legal analysis or health care procedures) with requirements engineering.
Leveraging Expertise
Mon, Aug 25, 09:00 - 18:00
Semiautomatic Security Requirements Engineering and Evolution using Decision Documentation, Heuristics, and User Monitoring
Tom-Michael Hesse, Stefan Gärtner, Tobias Roehm, Barbara Paech, Kurt Schneider, and Bernd Bruegge
(University of Heidelberg, Germany; Leibniz Universität Hannover, Germany; TU München, Germany)
Security issues can have a significant negative impact on the business or reputation of an organization. In most cases they are not identified in requirements and are not continuously monitored during software evolution. Therefore, the inability of a system to conform to regulations or its endangerment by new vulnerabilities is not recognized. In consequence, decisions related to security might not be taken at all or become obsolete quickly. But to evaluate efficiently whether an issue is already addressed appropriately, software engineers need explicit decision documentation. Often, such documentation is not performed due to high overhead.
To cope with this problem, we propose to document decisions made to address security requirements. To lower the manual effort, information from heuristic analysis and end user monitoring is incorporated. The heuristic assessment method is used to identify security issues in given requirements automatically. This helps to uncover security decisions needed to mitigate those issues. We describe how the corresponding security knowledge for each issue can be incorporated into the decision documentation semiautomatically. In addition, violations of security requirements at runtime are monitored. We show how decisions related to those security requirements can be identified through the documentation and updated manually. Overall, our approach improves the quality and completeness of security decision documentation to support the engineering and evolution of security requirements.
@InProceedings{ESPRE14p1,
author = {Tom-Michael Hesse and Stefan Gärtner and Tobias Roehm and Barbara Paech and Kurt Schneider and Bernd Bruegge},
title = {Semiautomatic Security Requirements Engineering and Evolution using Decision Documentation, Heuristics, and User Monitoring},
booktitle = {Proc.\ ESPRE},
publisher = {IEEE},
pages = {1--6},
doi = {},
year = {2014},
}
Argumentation-Based Security Requirements Elicitation: The Next Round
Dan Ionita, Jan-Willem Bullee, and Roel J. Wieringa
(University of Twente, Netherlands)
Information Security Risk Assessment can be viewed as part of requirements engineering because it is used to translate security goals into security requirements, where security requirements are the desired system properties that mitigate threats to security goals.
To improve the defensibility of these mitigations, several researchers have attempted to base risk assessment on argumentation structures. However, none of these approaches have so far been scalable or usable in real-world risk assessments.
In this paper, we present the results from our search for a scalable argumentation-based information security RA method. We start from previous work on both formal argumentation frameworks and informal argument structuring and try to find a promising middle ground. An initial prototype using spreadsheets is validated and iteratively improved via several case studies. Challenges such as scalability, quantifiability, ease of use, and relation to existing work in parallel fields are discussed. Finally, we explore the scope and applicability of our approach with regard to various classes of information systems while also drawing more general conclusions on the role of argumentation in security.
@InProceedings{ESPRE14p7,
author = {Dan Ionita and Jan-Willem Bullee and Roel J. Wieringa},
title = {Argumentation-Based Security Requirements Elicitation: The Next Round},
booktitle = {Proc.\ ESPRE},
publisher = {IEEE},
pages = {7--12},
doi = {},
year = {2014},
}
Towards a Framework to Measure Security Expertise in Requirements Analysis
Hanan Hibshi, Travis D. Breaux, Maria Riaz, and Laurie Williams
(Carnegie Mellon University, USA; King Abdul-Aziz University, Saudi Arabia; North Carolina State University, USA)
Research shows that commonly accepted security requirements are not generally applied in practice. Instead of relying on requirements checklists, security experts rely on their expertise and background knowledge to identify security vulnerabilities. To understand the gap between available checklists and practice, we conducted a series of interviews to encode the decision-making process of security experts and novices during security requirements analysis. Participants were asked to analyze two types of artifacts, source code and network diagrams, for vulnerabilities and to apply a requirements checklist to mitigate some of those vulnerabilities. We framed our study using Situation Awareness—a cognitive theory from psychology—to elicit responses that we later analyzed using coding theory and grounded analysis. We report our preliminary results of analyzing two interviews that reveal possible decision-making patterns that could characterize how analysts perceive, comprehend and project future threats, which leads them to decide upon requirements and their specifications, in addition to how experts use assumptions to overcome ambiguity in specifications. Our goal is to build a model that researchers can use to evaluate their security requirements methods against how experts transition through different situation awareness levels in their decision-making process.
@InProceedings{ESPRE14p13,
author = {Hanan Hibshi and Travis D. Breaux and Maria Riaz and Laurie Williams},
title = {Towards a Framework to Measure Security Expertise in Requirements Analysis},
booktitle = {Proc.\ ESPRE},
publisher = {IEEE},
pages = {13--18},
doi = {},
year = {2014},
}
Private, Legal (and Secure) by Design
Mon, Aug 25, 09:00 - 18:00
Engineering Privacy Requirements: Valuable Lessons from Another Realm
Yod-Samuel Martín, Jose M. del Alamo, and Juan C. Yelmo
(Universidad Politécnica de Madrid, Spain)
The Privacy by Design approach to systems engineering introduces privacy requirements in the early stages of development, instead of patching up a built system afterwards. However, 'vague', 'disconnected from technology', or 'aspirational' are some terms employed nowadays to refer to the privacy principles which must lead the development process. Although privacy has become a first-class citizen in the realm of non-functional requirements and some methodological frameworks help developers by providing design guidance, software engineers often miss a solid reference detailing which specific, technical requirements they must abide by, and a systematic methodology to follow. In this position paper, we look into a domain that has already successfully tackled these problems (web accessibility), and propose translating its findings into the realm of privacy requirements engineering, analyzing as well the gaps not yet covered by current privacy initiatives.
@InProceedings{ESPRE14p19,
author = {Yod-Samuel Martín and Jose M. del Alamo and Juan C. Yelmo},
title = {Engineering Privacy Requirements: Valuable Lessons from Another Realm},
booktitle = {Proc.\ ESPRE},
publisher = {IEEE},
pages = {19--24},
doi = {},
year = {2014},
}
L-SQUARE: Preliminary Extension of the SQUARE Methodology to Address Legal Compliance
Aaron Alva and Lisa Young
(SEI, USA)
Laws and regulations must be considered in the requirements engineering process in order to help ensure legal compliance when developing software or engineering systems. To incorporate legal compliance considerations into the requirements engineering process, we introduce a preliminary extension of the SQUARE methodology, called L-SQUARE. In this paper, we develop L-SQUARE by discussing legal compliance concerns at each of the traditional nine steps in SQUARE. Then, we link existing research in requirements engineering and the law to each step, emphasizing where compliance concerns can be addressed. This preliminary extension of SQUARE sets existing research into an established methodology for requirements engineering, creating a framework for situating current research in legal compliance, and identifying gaps for future work.
@InProceedings{ESPRE14p25,
author = {Aaron Alva and Lisa Young},
title = {L-SQUARE: Preliminary Extension of the SQUARE Methodology to Address Legal Compliance},
booktitle = {Proc.\ ESPRE},
publisher = {IEEE},
pages = {25--30},
doi = {},
year = {2014},
}
Evolving Security Requirements Engineering
Mon, Aug 25, 09:00 - 18:00
Supporting Evolving Security Models for an Agile Security Evaluation
Wolfgang Raschke, Massimiliano Zilli, Philip Baumgartner, Johannes Loinig, Christian Steger, and Christian Kreiner
(Graz University of Technology, Austria; NXP Semiconductors, Austria)
At present, security-related engineering usually requires a big up-front design (BUFD) regarding security requirements and security design. In addition to the BUFD, at the end of the development, a security evaluation process can take up to several months. In today’s volatile markets customers want to influence the software design during the development process. Agile processes have proven to support these demands. Nevertheless, there is a clash with traditional security design and evaluation processes. In this paper, we propose an agile security evaluation method for the Common Criteria standard. This method is complemented by an implementation of a change detection analysis for model-based security requirements. This system facilitates the agile security evaluation process to a high degree.
@InProceedings{ESPRE14p31,
author = {Wolfgang Raschke and Massimiliano Zilli and Philip Baumgartner and Johannes Loinig and Christian Steger and Christian Kreiner},
title = {Supporting Evolving Security Models for an Agile Security Evaluation},
booktitle = {Proc.\ ESPRE},
publisher = {IEEE},
pages = {31--36},
doi = {},
year = {2014},
}
Using Malware Analysis to Improve Security Requirements on Future Systems
Nancy R. Mead and Jose Andre Morales
(Carnegie Mellon University, USA)
In this position paper, we propose to enhance current software development lifecycle models by including use cases, based on previous cyberattacks and their associated malware, and to propose an open research question: Are specific types of systems prone to specific classes of malware exploits? If this is the case, developers can create future systems that are more secure, from inception, by including use cases that address previous attacks.
@InProceedings{ESPRE14p37,
author = {Nancy R. Mead and Jose Andre Morales},
title = {Using Malware Analysis to Improve Security Requirements on Future Systems},
booktitle = {Proc.\ ESPRE},
publisher = {IEEE},
pages = {37--41},
doi = {},
year = {2014},
}
Pattern-Based and ISO 27001 Compliant Risk Analysis for Cloud Systems
Azadeh Alebrahim, Denis Hatebur, and Ludger Goeke
(University of Duisburg-Essen, Germany; ITESYS, Germany)
For companies to accept clouds and use cloud services, security plays a decisive role. For cloud providers, one way to obtain customers’ confidence is to establish security mechanisms when using clouds. The ISO 27001 standard provides general concepts for establishing information security in an organization. Risk analysis is an essential part of the ISO 27001 standard for achieving information security. This standard, however, contains ambiguous descriptions. In addition, it does not stipulate any method to identify assets, threats, and vulnerabilities. In this paper, we present a structured and pattern-based method to conduct risk analysis for cloud computing systems. It is tailored to SMEs. Our method addresses the requirements of ISO 27001. We make use of the cloud system analysis pattern, security requirement patterns, threat patterns, and control patterns for conducting the risk analysis. The method is illustrated by a cloud logistics application example.
@InProceedings{ESPRE14p42,
author = {Azadeh Alebrahim and Denis Hatebur and Ludger Goeke},
title = {Pattern-Based and ISO 27001 Compliant Risk Analysis for Cloud Systems},
booktitle = {Proc.\ ESPRE},
publisher = {IEEE},
pages = {42--47},
doi = {},
year = {2014},
}