An Ontology Based Information Security Requirements Engineering Framework

Software Requirement Specification (SRS) is frequently evolving to reflect requirements change during project development. Therefore, it needs enhancement to facilitate its authoring and reuse. This paper proposes a framework for building a part of SRS related to information security requirements (ISRs) using ontologies. Such a framework allows ensuring ISRs traceability and reuse. The framework uses three kinds of generic ontologies as a solution to this problem - software requirement ontology, application domain ontology, information security ontology. We propose to enhance SRS by associating the ISR with specific entities within ontologies. We aim to facilitate a semantic-based interpretation of ISRs by restricting their interpretation through the three previous ontologies. Semantic form is used to improve our ability to create, manage, and maintain ISRs. We anticipate that the proposed framework would be very helpful for requirements engineers to create and understand the ISRs.