
2014 IEEE 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE), August 25, 2014, Karlskrona, Sweden

ESPRE 2014 – Proceedings



Welcome to the Evolving Security and Privacy Requirements Engineering (ESPRE) Workshop in Karlskrona, Sweden on the 25th of August 2014, co-located with the RE 2014 conference. The main focus of ESPRE is to bring together practitioners and researchers interested in security and privacy requirements. ESPRE probes the interfaces between requirements engineering and security & privacy, and takes the first step in evolving security and privacy requirements engineering to meet a range of needs of stakeholders ranging from business analysts and security engineers to technology entrepreneurs and privacy advocates. ESPRE’s goal is to advance the scope of current research to consider novel approaches to the elicitation, analysis, and refinement of security and privacy requirements. In particular, ESPRE fosters new visions and novel applications of requirements engineering; leveraging expertise; establishing security standards; and fusing security design, implementation, and validation stages into requirements engineering. Interdisciplinary work is encouraged to investigate possibilities for aligning language and methodologies of other disciplines (e.g., legal analysis or health care procedures) with requirements engineering.

Leveraging Expertise

Semiautomatic Security Requirements Engineering and Evolution using Decision Documentation, Heuristics, and User Monitoring
Tom-Michael Hesse, Stefan Gärtner, Tobias Roehm, Barbara Paech, Kurt Schneider, and Bernd Bruegge
(University of Heidelberg, Germany; Leibniz Universität Hannover, Germany; TU München, Germany)
Security issues can have a significant negative impact on the business or reputation of an organization. In most cases they are not identified in requirements and are not continuously monitored during software evolution. Therefore, the inability of a system to conform to regulations or its endangerment by new vulnerabilities is not recognized. In consequence, decisions related to security might not be taken at all or become obsolete quickly. But to evaluate efficiently whether an issue is already addressed appropriately, software engineers need explicit decision documentation. Often, such documentation is not performed due to high overhead. To cope with this problem, we propose to document decisions made to address security requirements. To lower the manual effort, information from heuristic analysis and end user monitoring is incorporated. The heuristic assessment method is used to identify security issues in given requirements automatically. This helps to uncover security decisions needed to mitigate those issues. We describe how the corresponding security knowledge for each issue can be incorporated into the decision documentation semiautomatically. In addition, violations of security requirements at runtime are monitored. We show how decisions related to those security requirements can be identified through the documentation and updated manually. Overall, our approach improves the quality and completeness of security decision documentation to support the engineering and evolution of security requirements.
Argumentation-Based Security Requirements Elicitation: The Next Round
Dan Ionita, Jan-Willem Bullee, and Roel J. Wieringa
(University of Twente, Netherlands)
Information Security Risk Assessment can be viewed as part of requirements engineering because it is used to translate security goals into security requirements, where security requirements are the desired system properties that mitigate threats to security goals. To improve the defensibility of these mitigations, several researchers have attempted to base risk assessment on argumentation structures. However, none of these approaches have so far been scalable or usable in real-world risk assessments. In this paper, we present the results from our search for a scalable argumentation-based information security RA method. We start from previous work on both formal argumentation frameworks and informal argument structuring and try to find a promising middle ground. An initial prototype using spreadsheets is validated and iteratively improved via several case studies. Challenges such as scalability, quantifiability, ease of use, and relation to existing work in parallel fields are discussed. Finally, we explore the scope and applicability of our approach with regard to various classes of Information Systems while also drawing more general conclusions on the role of argumentation in security.
Towards a Framework to Measure Security Expertise in Requirements Analysis
Hanan Hibshi, Travis D. Breaux, Maria Riaz, and Laurie Williams
(Carnegie Mellon University, USA; King Abdul-Aziz University, Saudi Arabia; North Carolina State University, USA)
Research shows that commonly accepted security requirements are not generally applied in practice. Instead of relying on requirements checklists, security experts rely on their expertise and background knowledge to identify security vulnerabilities. To understand the gap between available checklists and practice, we conducted a series of interviews to encode the decision-making process of security experts and novices during security requirements analysis. Participants were asked to analyze two types of artifacts, source code and network diagrams, for vulnerabilities and to apply a requirements checklist to mitigate some of those vulnerabilities. We framed our study using Situation Awareness—a cognitive theory from psychology—to elicit responses that we later analyzed using coding theory and grounded analysis. We report our preliminary results of analyzing two interviews that reveal possible decision-making patterns that could characterize how analysts perceive, comprehend and project future threats, which leads them to decide upon requirements and their specifications, in addition to how experts use assumptions to overcome ambiguity in specifications. Our goal is to build a model that researchers can use to evaluate their security requirements methods against how experts transition through different situation awareness levels in their decision-making process.

Private, Legal (and Secure) by Design

Engineering Privacy Requirements: Valuable Lessons from Another Realm
Yod-Samuel Martín, Jose M. del Alamo, and Juan C. Yelmo
(Universidad Politécnica de Madrid, Spain)
The Privacy by Design approach to systems engineering introduces privacy requirements in the early stages of development, instead of patching up a built system afterwards. However, 'vague', 'disconnected from technology', or 'aspirational' are some terms employed nowadays to refer to the privacy principles which must lead the development process. Although privacy has become a first-class citizen in the realm of non-functional requirements and some methodological frameworks help developers by providing design guidance, software engineers often miss a solid reference detailing which specific, technical requirements they must abide by, and a systematic methodology to follow. In this position paper, we look into a domain that has already successfully tackled these problems, web accessibility, and propose translating their findings into the realm of privacy requirements engineering, analyzing as well the gaps not yet covered by current privacy initiatives.
L-SQUARE: Preliminary Extension of the SQUARE Methodology to Address Legal Compliance
Aaron Alva and Lisa Young
Laws and regulations must be considered in the requirements engineering process in order to help ensure legal compliance when developing software or engineering systems. To incorporate legal compliance considerations into the requirements engineering process, we introduce a preliminary extension of the SQUARE methodology, called L-SQUARE. In this paper, we develop L-SQUARE by discussing legal compliance concerns at each of the traditional nine steps in SQUARE. Then, we link existing research in requirements engineering and the law to each step, emphasizing where compliance concerns can be addressed. This preliminary extension of SQUARE sets existing research into an established methodology for requirements engineering, creating a framework for situating current research in legal compliance, and identifying gaps for future work.

Evolving Security Requirements Engineering

Supporting Evolving Security Models for an Agile Security Evaluation
Wolfgang Raschke, Massimiliano Zilli, Philip Baumgartner, Johannes Loinig, Christian Steger, and Christian Kreiner
(Graz University of Technology, Austria; NXP Semiconductors, Austria)
At present, security-related engineering usually requires a big up-front design (BUFD) regarding security requirements and security design. In addition to the BUFD, at the end of the development, a security evaluation process can take up to several months. In today’s volatile markets customers want to influence the software design during the development process. Agile processes have proven to support these demands. Nevertheless, there is a clash with traditional security design and evaluation processes. In this paper, we propose an agile security evaluation method for the Common Criteria standard. This method is complemented by an implementation of a change detection analysis for model-based security requirements. This system facilitates the agile security evaluation process to a high degree.
Using Malware Analysis to Improve Security Requirements on Future Systems
Nancy R. Mead and Jose Andre Morales
(Carnegie Mellon University, USA)
In this position paper, we propose to enhance current software development lifecycle models by including use cases, based on previous cyberattacks and their associated malware, and to propose an open research question: Are specific types of systems prone to specific classes of malware exploits? If this is the case, developers can create future systems that are more secure, from inception, by including use cases that address previous attacks.
Pattern-Based and ISO 27001 Compliant Risk Analysis for Cloud Systems
Azadeh Alebrahim, Denis Hatebur, and Ludger Goeke
(University of Duisburg-Essen, Germany; ITESYS, Germany)
For accepting clouds and using cloud services by companies, security plays a decisive role. For cloud providers, one way to obtain customers' confidence is to establish security mechanisms when using clouds. The ISO 27001 standard provides general concepts for establishing information security in an organization. Risk analysis is an essential part of the ISO 27001 standard for achieving information security. This standard, however, contains ambiguous descriptions. In addition, it does not stipulate any method to identify assets, threats, and vulnerabilities. In this paper, we present a structured and pattern-based method to conduct risk analysis for cloud computing systems. It is tailored to SMEs. Our method addresses the requirements of ISO 27001. We make use of the cloud system analysis pattern, security requirement patterns, threat patterns, and control patterns for conducting the risk analysis. The method is illustrated by a cloud logistics application example.