Building problem domain ontology from security requirements in regulatory documents

Seok Won Lee, Robin Gandhi, Divya Muthurajan, Deepak Yavagal, Gail Joon Ahn

Research output: Chapter in Book/Report/Conference proceedingConference contribution

34 Scopus citations


Establishing secure systems assurance based on Certification and Accreditation (C&A) activities, requires effective ways to understand the enforced security requirements, gather relevant evidences, perceive related risks in the operational environment, and reveal their causal relationships with other domain concepts. However, C&A security requirements are expressed in multiple regulatory documents with complex interdependencies at different levels of abstractions that often result in subjective interpretations and non-standard implementations. Their non-functional nature imposes complex constraints on the emergent behavior of software-intensive systems, making them hard to understand, predict, and control. To address these issues, we present novel techniques from software requirements engineering and knowledge engineering for systematically extracting, modeling, and analyzing security requirements and related concepts from multiple C&A-enforced regulatory documents. We employ advanced ontological engineering processes as our primary modeling technique to represent complex and diverse characteristics of C&A security requirements and related domain knowledge. We apply our methodology to build problem domain ontology from regulatory documents enforced by the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP).

Original languageEnglish (US)
Title of host publicationProceedings of the 2006 International Workshop on Self-Adaptation and Self-Managing Systems, SEAMS 2006, Co-located with the 28th International Conference on Software Engineering, ICSE 2006
PublisherIEEE Computer Society
Number of pages7
ISBN (Electronic)1595934030, 1595934111, 9781595934031, 9781595934116
StatePublished - May 21 2006
Externally publishedYes
EventInternational Workshop on Software Engineering for Secure Systems, SESS 2006 - Shanghai, China
Duration: May 20 2006May 21 2006

Publication series

NameProceedings - International Conference on Software Engineering
ISSN (Print)0270-5257


OtherInternational Workshop on Software Engineering for Secure Systems, SESS 2006


  • Information Security Requirements Engineering
  • Information Systems Certification and Accreditation
  • Ontological Engineering
  • Secure Software Assurance

ASJC Scopus subject areas

  • Software


Dive into the research topics of 'Building problem domain ontology from security requirements in regulatory documents'. Together they form a unique fingerprint.

Cite this