Title: Ontology-based representation of reusable security requirements for developing secure web applications

Authors: P. Salini; S. Kanmani

Addresses: Department of Computer Science and Engineering, Pondicherry Engineering College, Puducherry-605014, India ' Department of Information Technology, Pondicherry Engineering College, Puducherry-605014, India

Abstract: Security is the major issue in web applications and it should be carefully considered in all the phases of the software development life cycle. The security requirements should be elicited and analysed in the early stages of requirements engineering. They are elicited from different sources by using security requirements engineering methods. Ontology can be used as one of the sources to specify security requirements knowledge effectively, since it is a 'formal, explicit specification of shared concepts' and is reusable. But there are no standard or only primitive security requirements ontology is available for requirements engineering phase. In this paper, we proposed and created security requirements ontology for web applications. Hence, we can reuse the security requirements knowledge and specify security requirements for developing different web applications. The reusability and effectiveness of security requirements ontology are validated using querying method.

Keywords: security requirements; requirements engineering; web applications; ontology; knowledge; vulnerabilities; assets; threats; security attributes; internet.

DOI: 10.1504/IJITST.2013.058295

International Journal of Internet Technology and Secured Transactions, 2013 Vol.5 No.1, pp.63 - 83

Received: 22 Oct 2012
Accepted: 17 Feb 2013
Published online: 19 Jul 2014 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article