The Experts below are selected from a list of 327 Experts worldwide ranked by ideXlab platform
Deepak S Yavagal - One of the best experts on this subject based on the ideXlab platform.
-
building decision support Problem Domain ontology from natural language requirements for software assurance
International Journal of Software Engineering and Knowledge Engineering, 2006Co-Authors: Seok Won Lee, Divya Muthurajan, Robin A Gandhi, Deepak S Yavagal, Gailjoon AhnAbstract:The process of engineering software-intensive systems that comply with their Certification and Accreditation (C&A) requirements involves many critical decision-making activities for the related stakeholders. Considering the exhaustive nature of C&A activities together with the complexity of software-intensive systems, effective decision making relies heavily on the ways to understand and structure the Problem Domain concepts concerning decision points for interpretation, applicability, scope, evaluation, and impact of the enforced C&A requirements. These decision points are further complicated by natural language specifications of inherently non-functional C&A requirements scattered across multiple regulatory documents with complex interdependencies at different levels of abstractions in the organizational hierarchy, which often result in subjective interpretations and non-standard implementations of the C&A process. To address these issues, we define a systematic methodology using novel techniques from software Requirements Engineering (RE) and knowledge engineering for understanding and structuring the Problem Domain concepts based on a uniform representation format that promotes common understanding among stakeholders. Specifically, we use advanced ontological engineering techniques driven by theoretical RE foundations to systematically elicit, model, understand, and analyze Problem Domain concepts concerning significant and difficult decision points throughout the C&A process. We demonstrate the appropriateness of our methodology in creating decision support Problem Domain ontology using several examples derived from our experiences on automating the Department of Defense Information Technology Security C&A Process (DITSCAP).
-
building Problem Domain ontology from security requirements in regulatory documents
International Conference on Software Engineering, 2006Co-Authors: Robin A Gandhi, Divya Muthurajan, Deepak S YavagalAbstract:Establishing secure systems assurance based on Certification and Accreditation (C&A) activities, requires effective ways to understand the enforced security requirements, gather relevant evidences, perceive related risks in the operational environment, and reveal their causal relationships with other Domain concepts. However, C&A security requirements are expressed in multiple regulatory documents with complex interdependencies at different levels of abstractions that often result in subjective interpretations and non-standard implementations. Their non-functional nature imposes complex constraints on the emergent behavior of software-intensive systems, making them hard to understand, predict, and control. To address these issues, we present novel techniques from software requirements engineering and knowledge engineering for systematically extracting, modeling, and analyzing security requirements and related concepts from multiple C&A-enforced regulatory documents. We employ advanced ontological engineering processes as our primary modeling technique to represent complex and diverse characteristics of C&A security requirements and related Domain knowledge. We apply our methodology to build Problem Domain ontology from regulatory documents enforced by the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP).
-
SESS@ICSE - Building Problem Domain ontology from security requirements in regulatory documents
Proceedings of the 2006 international workshop on Software engineering for secure systems - SESS '06, 2006Co-Authors: Seok Won Lee, Divya Muthurajan, Robin A Gandhi, Deepak S Yavagal, Gailjoon AhnAbstract:Establishing secure systems assurance based on Certification and Accreditation (C&A) activities, requires effective ways to understand the enforced security requirements, gather relevant evidences, perceive related risks in the operational environment, and reveal their causal relationships with other Domain concepts. However, C&A security requirements are expressed in multiple regulatory documents with complex interdependencies at different levels of abstractions that often result in subjective interpretations and non-standard implementations. Their non-functional nature imposes complex constraints on the emergent behavior of software-intensive systems, making them hard to understand, predict, and control. To address these issues, we present novel techniques from software requirements engineering and knowledge engineering for systematically extracting, modeling, and analyzing security requirements and related concepts from multiple C&A-enforced regulatory documents. We employ advanced ontological engineering processes as our primary modeling technique to represent complex and diverse characteristics of C&A security requirements and related Domain knowledge. We apply our methodology to build Problem Domain ontology from regulatory documents enforced by the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP).
Seok Won Lee - One of the best experts on this subject based on the ideXlab platform.
-
Understanding and recommending security requirements from Problem Domain ontology: A cognitive three-layered approach
Journal of Systems and Software, 2020Co-Authors: Bong-jae Kim, Seok Won LeeAbstract:Abstract Socio-technical systems (STS) are inherently complex due to the heterogeneity of its intertwined components. Therefore, ensuring STS security continues to pose significant challenges. Persistent security issues in STS are extremely critical to address as threats to security can affect entire enterprises, resulting in significant recovery costs. A profound understanding of the Problems across multiple dimensions of STS is the key in addressing such security issues. However, we lack a systematic acquisition of the scattered knowledge related to design, development, and execution of STS. In this work, we methodologically analyze security issues from a requirements engineering perspective. We propose a cognitive three-layered framework integrating various modeling methodologies and knowledge sources related to security. This framework helps in understanding essential components of security and making recommendations of security requirements regarding threat analyses and risk assessments using Problem Domain Ontology (PDO) knowledge base. We also provide tool support for our framework. With the goal-oriented security reference model, we demonstrate how security requirements are recommended based on PDO, with the help of the tool. The organized acquisition of knowledge from SME groups and the Domain working group provides rich context of security requirements, and also enhances the re-usability of the knowledge set.
-
APSEC - Analytical Study of Cognitive Layered Approach for Understanding Security Requirements Using Problem Domain Ontology
2016 23rd Asia-Pacific Software Engineering Conference (APSEC), 2016Co-Authors: Bong-jae Kim, Seok Won LeeAbstract:Socio-technical Systems (STS) consist of complicated requirements that consider a variety of stakeholders' viewpoints, and are inherently complex due to heterogeneity characteristics of STS components. However, security in STS is still a major issue, which can be explained by the resulting cost and the impact of the STS intrusion on the whole enterprise. However, research related to recommending security requirements for a target STS is insufficient. Firstly, systematic acquisition of understanding the Problem with rich context-awareness is not provided to STS, since the knowledge for the development and execution of STS is scattered. Secondly, the majority of security analysis focuses on only the technical approach, although it is necessary to perform a holistic analysis of STS due to heterogeneity characteristics. In order to solve these Problems, we conduct a study of the three-layered framework for recommending security requirements through goal-oriented risk assessment using a Problem Domain Ontology (PDO). By using this framework, we demonstrate how the PDO is built through collecting, analyzing, and categorizing different information and knowledge from various sources, and how security requirements are recommended from the threat analysis and the goal-oriented risk assessment based on PDO. In addition, we discuss the applicability of this framework with a case study based on a real threat scenario. This paper contributes to security requirements engineering research by proposing a methodology for systematically organizing knowledge with a security requirements recommendation framework using the PDO.
-
building decision support Problem Domain ontology from natural language requirements for software assurance
International Journal of Software Engineering and Knowledge Engineering, 2006Co-Authors: Seok Won Lee, Divya Muthurajan, Robin A Gandhi, Deepak S Yavagal, Gailjoon AhnAbstract:The process of engineering software-intensive systems that comply with their Certification and Accreditation (C&A) requirements involves many critical decision-making activities for the related stakeholders. Considering the exhaustive nature of C&A activities together with the complexity of software-intensive systems, effective decision making relies heavily on the ways to understand and structure the Problem Domain concepts concerning decision points for interpretation, applicability, scope, evaluation, and impact of the enforced C&A requirements. These decision points are further complicated by natural language specifications of inherently non-functional C&A requirements scattered across multiple regulatory documents with complex interdependencies at different levels of abstractions in the organizational hierarchy, which often result in subjective interpretations and non-standard implementations of the C&A process. To address these issues, we define a systematic methodology using novel techniques from software Requirements Engineering (RE) and knowledge engineering for understanding and structuring the Problem Domain concepts based on a uniform representation format that promotes common understanding among stakeholders. Specifically, we use advanced ontological engineering techniques driven by theoretical RE foundations to systematically elicit, model, understand, and analyze Problem Domain concepts concerning significant and difficult decision points throughout the C&A process. We demonstrate the appropriateness of our methodology in creating decision support Problem Domain ontology using several examples derived from our experiences on automating the Department of Defense Information Technology Security C&A Process (DITSCAP).
-
SESS@ICSE - Building Problem Domain ontology from security requirements in regulatory documents
Proceedings of the 2006 international workshop on Software engineering for secure systems - SESS '06, 2006Co-Authors: Seok Won Lee, Divya Muthurajan, Robin A Gandhi, Deepak S Yavagal, Gailjoon AhnAbstract:Establishing secure systems assurance based on Certification and Accreditation (C&A) activities, requires effective ways to understand the enforced security requirements, gather relevant evidences, perceive related risks in the operational environment, and reveal their causal relationships with other Domain concepts. However, C&A security requirements are expressed in multiple regulatory documents with complex interdependencies at different levels of abstractions that often result in subjective interpretations and non-standard implementations. Their non-functional nature imposes complex constraints on the emergent behavior of software-intensive systems, making them hard to understand, predict, and control. To address these issues, we present novel techniques from software requirements engineering and knowledge engineering for systematically extracting, modeling, and analyzing security requirements and related concepts from multiple C&A-enforced regulatory documents. We employ advanced ontological engineering processes as our primary modeling technique to represent complex and diverse characteristics of C&A security requirements and related Domain knowledge. We apply our methodology to build Problem Domain ontology from regulatory documents enforced by the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP).
Robin A Gandhi - One of the best experts on this subject based on the ideXlab platform.
-
building decision support Problem Domain ontology from natural language requirements for software assurance
International Journal of Software Engineering and Knowledge Engineering, 2006Co-Authors: Seok Won Lee, Divya Muthurajan, Robin A Gandhi, Deepak S Yavagal, Gailjoon AhnAbstract:The process of engineering software-intensive systems that comply with their Certification and Accreditation (C&A) requirements involves many critical decision-making activities for the related stakeholders. Considering the exhaustive nature of C&A activities together with the complexity of software-intensive systems, effective decision making relies heavily on the ways to understand and structure the Problem Domain concepts concerning decision points for interpretation, applicability, scope, evaluation, and impact of the enforced C&A requirements. These decision points are further complicated by natural language specifications of inherently non-functional C&A requirements scattered across multiple regulatory documents with complex interdependencies at different levels of abstractions in the organizational hierarchy, which often result in subjective interpretations and non-standard implementations of the C&A process. To address these issues, we define a systematic methodology using novel techniques from software Requirements Engineering (RE) and knowledge engineering for understanding and structuring the Problem Domain concepts based on a uniform representation format that promotes common understanding among stakeholders. Specifically, we use advanced ontological engineering techniques driven by theoretical RE foundations to systematically elicit, model, understand, and analyze Problem Domain concepts concerning significant and difficult decision points throughout the C&A process. We demonstrate the appropriateness of our methodology in creating decision support Problem Domain ontology using several examples derived from our experiences on automating the Department of Defense Information Technology Security C&A Process (DITSCAP).
-
building Problem Domain ontology from security requirements in regulatory documents
International Conference on Software Engineering, 2006Co-Authors: Robin A Gandhi, Divya Muthurajan, Deepak S YavagalAbstract:Establishing secure systems assurance based on Certification and Accreditation (C&A) activities, requires effective ways to understand the enforced security requirements, gather relevant evidences, perceive related risks in the operational environment, and reveal their causal relationships with other Domain concepts. However, C&A security requirements are expressed in multiple regulatory documents with complex interdependencies at different levels of abstractions that often result in subjective interpretations and non-standard implementations. Their non-functional nature imposes complex constraints on the emergent behavior of software-intensive systems, making them hard to understand, predict, and control. To address these issues, we present novel techniques from software requirements engineering and knowledge engineering for systematically extracting, modeling, and analyzing security requirements and related concepts from multiple C&A-enforced regulatory documents. We employ advanced ontological engineering processes as our primary modeling technique to represent complex and diverse characteristics of C&A security requirements and related Domain knowledge. We apply our methodology to build Problem Domain ontology from regulatory documents enforced by the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP).
-
SESS@ICSE - Building Problem Domain ontology from security requirements in regulatory documents
Proceedings of the 2006 international workshop on Software engineering for secure systems - SESS '06, 2006Co-Authors: Seok Won Lee, Divya Muthurajan, Robin A Gandhi, Deepak S Yavagal, Gailjoon AhnAbstract:Establishing secure systems assurance based on Certification and Accreditation (C&A) activities, requires effective ways to understand the enforced security requirements, gather relevant evidences, perceive related risks in the operational environment, and reveal their causal relationships with other Domain concepts. However, C&A security requirements are expressed in multiple regulatory documents with complex interdependencies at different levels of abstractions that often result in subjective interpretations and non-standard implementations. Their non-functional nature imposes complex constraints on the emergent behavior of software-intensive systems, making them hard to understand, predict, and control. To address these issues, we present novel techniques from software requirements engineering and knowledge engineering for systematically extracting, modeling, and analyzing security requirements and related concepts from multiple C&A-enforced regulatory documents. We employ advanced ontological engineering processes as our primary modeling technique to represent complex and diverse characteristics of C&A security requirements and related Domain knowledge. We apply our methodology to build Problem Domain ontology from regulatory documents enforced by the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP).
Altan Kocyigit - One of the best experts on this subject based on the ideXlab platform.
-
Size and Effort Estimation Based on Problem Domain Measures for Object-Oriented Software
International Journal of Software Engineering and Knowledge Engineering, 2018Co-Authors: Tulin Ercelebi Ayyildiz, Altan KocyigitAbstract:This paper analyzes the correlations between the Problem Domain measures such as the number of distinct nouns and distinct verbs in the requirements artifacts and the solution Domain measures such as the number of software classes and methods in the corresponding object-oriented software. For this purpose, 14 completed software development projects of a CMMI Level-3 certified defense industry company have been analyzed. The observed strong correlation is taken as the indication of linear relationship between the measures and a size estimation model based on linear regression analysis is proposed. Prediction performance of the method is analyzed on the 14 software projects. Moreover, it has been observed that there is a high correlation between the Problem Domain measures and the development effort. Therefore, the linear regression analysis is also used to estimate the effort in terms of the Problem Domain measures. The effort estimations are also evaluated and compared with the efforts predicted using the size measured by the COSMIC Function Point (CFP) method. The results show that the proposed method provides more accurate effort estimates compared to the effort estimated by using CFP size measurement.
-
Size and Effort Estimation Based on Problem Domain Measures for Object-Oriented Software
International Journal of Software Engineering and Knowledge Engineering, 2018Co-Authors: Tulin Ercelebi Ayyildiz, Altan KocyigitAbstract:This paper analyzes the correlations between the Problem Domain measures such as the number of distinct nouns and distinct verbs in the requirements artifacts and the solution Domain measures such ...
-
correlations between Problem Domain and solution Domain size measures for open source software
Software Engineering and Advanced Applications, 2014Co-Authors: Tulin Ercelebi Ayyildiz, Altan KocyigitAbstract:Predicting how much effort will be required to complete a software project as early as possible is a very important factor in the success of software development projects. Including function points and its variants, there are several size measures and corresponding measurement methods that can be used for effort estimation. However, in most of the projects, there is limited amount of information available in the early stages and significant effort is spent for size measurement and effort estimation with such methods. This paper analyzes the correlation between the size metrics of conceptual model of the Problem Domain and the resulting software. For this purpose, we consider open source project management and game software. We apply linear regression and cross validation techniques to investigate the relation between the sizes of Problem Domain (i.e., Conceptual) and solution Domain (i.e., Design) models. The results reveal a high correlation between the number of conceptual classes in the Problem Domain model and the number of software classes constituting the corresponding software. The results suggest that it is possible to use Problem Domain descriptions in the early stages of software development projects to make plausible predictions for the size of the software.
-
EUROMICRO-SEAA - Correlations between Problem Domain and Solution Domain Size Measures for Open Source Software
2014 40th EUROMICRO Conference on Software Engineering and Advanced Applications, 2014Co-Authors: Tulin Ercelebi Ayyildiz, Altan KocyigitAbstract:Predicting how much effort will be required to complete a software project as early as possible is a very important factor in the success of software development projects. Including function points and its variants, there are several size measures and corresponding measurement methods that can be used for effort estimation. However, in most of the projects, there is limited amount of information available in the early stages and significant effort is spent for size measurement and effort estimation with such methods. This paper analyzes the correlation between the size metrics of conceptual model of the Problem Domain and the resulting software. For this purpose, we consider open source project management and game software. We apply linear regression and cross validation techniques to investigate the relation between the sizes of Problem Domain (i.e., Conceptual) and solution Domain (i.e., Design) models. The results reveal a high correlation between the number of conceptual classes in the Problem Domain model and the number of software classes constituting the corresponding software. The results suggest that it is possible to use Problem Domain descriptions in the early stages of software development projects to make plausible predictions for the size of the software.
Divya Muthurajan - One of the best experts on this subject based on the ideXlab platform.
-
building decision support Problem Domain ontology from natural language requirements for software assurance
International Journal of Software Engineering and Knowledge Engineering, 2006Co-Authors: Seok Won Lee, Divya Muthurajan, Robin A Gandhi, Deepak S Yavagal, Gailjoon AhnAbstract:The process of engineering software-intensive systems that comply with their Certification and Accreditation (C&A) requirements involves many critical decision-making activities for the related stakeholders. Considering the exhaustive nature of C&A activities together with the complexity of software-intensive systems, effective decision making relies heavily on the ways to understand and structure the Problem Domain concepts concerning decision points for interpretation, applicability, scope, evaluation, and impact of the enforced C&A requirements. These decision points are further complicated by natural language specifications of inherently non-functional C&A requirements scattered across multiple regulatory documents with complex interdependencies at different levels of abstractions in the organizational hierarchy, which often result in subjective interpretations and non-standard implementations of the C&A process. To address these issues, we define a systematic methodology using novel techniques from software Requirements Engineering (RE) and knowledge engineering for understanding and structuring the Problem Domain concepts based on a uniform representation format that promotes common understanding among stakeholders. Specifically, we use advanced ontological engineering techniques driven by theoretical RE foundations to systematically elicit, model, understand, and analyze Problem Domain concepts concerning significant and difficult decision points throughout the C&A process. We demonstrate the appropriateness of our methodology in creating decision support Problem Domain ontology using several examples derived from our experiences on automating the Department of Defense Information Technology Security C&A Process (DITSCAP).
-
building Problem Domain ontology from security requirements in regulatory documents
International Conference on Software Engineering, 2006Co-Authors: Robin A Gandhi, Divya Muthurajan, Deepak S YavagalAbstract:Establishing secure systems assurance based on Certification and Accreditation (C&A) activities, requires effective ways to understand the enforced security requirements, gather relevant evidences, perceive related risks in the operational environment, and reveal their causal relationships with other Domain concepts. However, C&A security requirements are expressed in multiple regulatory documents with complex interdependencies at different levels of abstractions that often result in subjective interpretations and non-standard implementations. Their non-functional nature imposes complex constraints on the emergent behavior of software-intensive systems, making them hard to understand, predict, and control. To address these issues, we present novel techniques from software requirements engineering and knowledge engineering for systematically extracting, modeling, and analyzing security requirements and related concepts from multiple C&A-enforced regulatory documents. We employ advanced ontological engineering processes as our primary modeling technique to represent complex and diverse characteristics of C&A security requirements and related Domain knowledge. We apply our methodology to build Problem Domain ontology from regulatory documents enforced by the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP).
-
SESS@ICSE - Building Problem Domain ontology from security requirements in regulatory documents
Proceedings of the 2006 international workshop on Software engineering for secure systems - SESS '06, 2006Co-Authors: Seok Won Lee, Divya Muthurajan, Robin A Gandhi, Deepak S Yavagal, Gailjoon AhnAbstract:Establishing secure systems assurance based on Certification and Accreditation (C&A) activities, requires effective ways to understand the enforced security requirements, gather relevant evidences, perceive related risks in the operational environment, and reveal their causal relationships with other Domain concepts. However, C&A security requirements are expressed in multiple regulatory documents with complex interdependencies at different levels of abstractions that often result in subjective interpretations and non-standard implementations. Their non-functional nature imposes complex constraints on the emergent behavior of software-intensive systems, making them hard to understand, predict, and control. To address these issues, we present novel techniques from software requirements engineering and knowledge engineering for systematically extracting, modeling, and analyzing security requirements and related concepts from multiple C&A-enforced regulatory documents. We employ advanced ontological engineering processes as our primary modeling technique to represent complex and diverse characteristics of C&A security requirements and related Domain knowledge. We apply our methodology to build Problem Domain ontology from regulatory documents enforced by the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP).
