Advertisement

Towards an Ontological Interpretation on the i* Modeling Language Extended with Security Concepts: A Bunge-Wand-Weber Model Perspective

  • Gen-Yih Liao
  • Po-Jui Liang
  • Li-Ting Huang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8016)

Abstract

Goal-oriented requirements engineering can facilitate the elicitation and representation of various types of requirements, including organizational and security requirements. This paper applies the Bunge-Wand-Weber ontological model to analyze and evaluate the security concepts in the extended i* modeling language that has been considered as one of representative methods concerning goal-oriented modeling languages. The findings revealed that among the seventeen terms analyzed, thirteen concepts can be directly mapped to ontological terms. The findings can help in future works develop modeling rules to assist security requirements engineering.

Keywords

i* modeling language security requirement Bunge-Wand-Weber ontological model ontological analysis 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Al-Subaie, H.S.F., Maibaum, T.S.E.: Evaluating the effectiveness of a goal-oriented requirements engineering method. In: Proceedings of the Fourth International Workshop on Comparative Evaluation in Requirements Engineering 2006, pp. 8–19. IEEE (2006)Google Scholar
  2. 2.
    Mylopoulos, J., Chung, L., Yu, E.: From object-oriented to goal-oriented requirements analysis. Communications of the ACM 42(1), 31–37 (1999)CrossRefGoogle Scholar
  3. 3.
    Kavakli, E.: Goal-oriented requirements engineering: A unifying framework. Requirements Engineering 6(4), 237–251 (2002)zbMATHCrossRefGoogle Scholar
  4. 4.
    Van Lamsweerde, A.: Goal-oriented requirements engineering: a guided tour. In: Proceedings of the Fifth IEEE International Symposium on Requirements Engineering 2001, pp. 249–262. IEEE (2001)Google Scholar
  5. 5.
    Yu, E.S.: Social Modeling and i*. In: Borgida, A.T., Chaudhri, V.K., Giorgini, P., Yu, E.S. (eds.) Conceptual Modeling: Foundations and Applications. LNCS, vol. 5600, pp. 99–121. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  6. 6.
    ITU, T.S.S.O.: Series Z: Languages and General Software Aspects for Telecommunication Systems. Formal Description Techniques (FDT) – User Requirements Notation (URN) - Language Definition (2011)Google Scholar
  7. 7.
    Elahi, G., Yu, E., Zannone, N.: A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities. Requirements Engineering 15(1), 41–62 (2010)CrossRefGoogle Scholar
  8. 8.
    Wand, Y., Weber, R.: On the ontological expressiveness of information systems analysis and design grammars. Information Systems Journal 3(4), 217–237 (1993)CrossRefGoogle Scholar
  9. 9.
    Wand, Y., Weber, R.: On the deep structure of information systems. Information Systems Journal 5(3), 203–223 (1995)CrossRefGoogle Scholar
  10. 10.
    Green, P., Rosemann, M.: Integrated process modeling: an ontological evaluation. Information Systems 25(2), 73–87 (2000)CrossRefGoogle Scholar
  11. 11.
    Opdahl, A.L., Henderson-Sellers, B.: Ontological evaluation of the UML using the Bunge–Wand–Weber model. Software and Systems Modeling 1(1), 43–67 (2002)Google Scholar
  12. 12.
    Irwin, G., Turk, D.: An ontological analysis of use case modeling grammar. Journal of the Association for Information Systems 6(1), 1–36 (2005)Google Scholar
  13. 13.
    Green, P., et al.: Candidate interoperability standards: An ontological overlap analysis. Data & Knowledge Engineering 62(2), 274–291 (2007)CrossRefGoogle Scholar
  14. 14.
    Zur Muehlen, M., Indulska, M.: Modeling languages for business processes and business rules: A representational analysis. Information Systems 35(4), 379–390 (2010)CrossRefGoogle Scholar
  15. 15.
    Becker, J., et al.: Evaluating the Expressiveness of Domain Specific Modeling Languages Using the Bunge-Wand-Weber Ontology. In: Proceedings of the 43rd Hawaii International Conference on System Sciences. IEEE (2010)Google Scholar
  16. 16.
    Recker, J., et al.: Do ontological deficiencies in modeling grammars matter. MIS Quarterly 35(1), 57–79 (2011)Google Scholar
  17. 17.
    Rosemann, M., Green, P., Indulska, M.: A reference methodology for conducting ontological analyses. In: Atzeni, P., Chu, W., Lu, H., Zhou, S., Ling, T.-W. (eds.) ER 2004. LNCS, vol. 3288, pp. 110–121. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  18. 18.
    Bisht, P., Madhusudan, P., Venkatakrishnan, V.N.: CANDID: Dynamic candidate evaluations for automatic prevention of SQL injection attacks. ACM Trans. Inf. Syst. Secur. 13(2), 1–39 (2010)CrossRefGoogle Scholar
  19. 19.
    den Braber, F., et al.: Model-based security analysis in seven steps—a guided tour to the coras method. BT Technology Journal 25, 101–117 (2007)CrossRefGoogle Scholar
  20. 20.
    Tsipenyuk, K., Chess, B., McGraw, G.: Seven pernicious kingdoms: A taxonomy of software security errors. IEEE Security & Privacy 3, 81–84 (2005)CrossRefGoogle Scholar
  21. 21.
    Bunge, M.: Treatise on Basic Philosophy. Ontology II: A World of Systems, vol. 4. Reidel Publishing Company, Holland (1979)Google Scholar
  22. 22.
    Bunge, M.: Treatise on Basic Philosophy. The Furniture of the World, vol. 3. Reidel Publishing Company, Holland (1977)Google Scholar
  23. 23.
    Gollwitzer, P.M.: Mindset theory of action phases. In: Van Lange, P.A.M., Kruglanski, A.W., Higgins, E.T. (eds.) Handbook of Theories of Social Psychology, vol. 1, pp. 526–546. Sage Publications Ltd. (2012)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Gen-Yih Liao
    • 1
  • Po-Jui Liang
    • 1
  • Li-Ting Huang
    • 1
  1. 1.Department of Information ManagementChang Gung UniversityTaiwan, R.O.C.

Personalised recommendations